webpack
Safeguard articles tagged "webpack" — guides, analysis, and best practices for software supply chain and application security.
6 articles
babel-loader: Keeping Your Babel Toolchain Lean and Patched
The babel-loader npm package bridges webpack and Babel in millions of builds. Here's how to configure it for speed, keep the toolchain patched, and know when you no longer need it.
Webpack 5 Node Polyfills: node-polyfill-webpack-plugin Explained
node-polyfill-webpack-plugin restores the Node core shims webpack 5 removed. Before you install it, understand what you are re-adding to your bundle and why webpack removed it.
copy-webpack-plugin and terser-webpack-plugin: Build Pipeline Hygiene
The copy-webpack-plugin npm package and terser-webpack-plugin sit in almost every webpack build. Here's how to configure both without leaking files or shipping stale minifiers.
webpack-bundle-analyzer: Find Bloat and Risky Dependencies in Your Bundle
webpack bundle analyzer turns your build output into a zoomable treemap. Used well, it finds not just bloat but duplicated packages, surprise transitive dependencies, and code you never meant to ship.
Webpack vs Rollup vs esbuild: A Security Comparison
Choosing a bundler is usually about speed and features. Here is how Webpack, Rollup, and esbuild compare on the dimension that matters most for supply chain security.
The Security Implications of Package Bundlers
Bundlers transform your code and dependencies into production artifacts. The security implications of this transformation are significant and widely overlooked.