Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support analyzing JavaScript projects that use Webpack #4365

Closed
sschuberth opened this issue Aug 16, 2021 · 5 comments
Closed

Support analyzing JavaScript projects that use Webpack #4365

sschuberth opened this issue Aug 16, 2021 · 5 comments
Labels
analyzer About the analyzer tool new feature Issues that are considered to be new features

Comments

@sschuberth
Copy link
Member

Webpack is a tool that creates minimized distribution bundles for JavaScript projects, in a sense similar to creating a "FatJar" / "ShadowJar" for Java projects. We already use Webpack ourselves in the WebApp reporter (again, similar to like we use shadow JARs for the ORT CLIs).

In order to bundle only used code, Webpack builds up its own dependency graph. So instead of looking at the underlying NPM / Yarn project, we probably could look at Webpack output to get the dependency graph for only what's being bundled / distributed.

The trigger for a Webpack analyzer probably could be the presence of the webpack under devDependencies, although that does not seem to cover all cases, like our very own WebApp reporter (which dependens on webpack-event-plugin) instead.

@sschuberth sschuberth added analyzer About the analyzer tool new feature Issues that are considered to be new features labels Aug 16, 2021
@sschuberth
Copy link
Member Author

This article seems to contain some good information on the matter: https://survivejs.com/webpack/optimizing/build-analysis/

@sschuberth
Copy link
Member Author

FYI, Sonatype offers a Webpack plugin that does something similar to bundle sources of dependencies for upload to Nexus IQ.

@sschuberth
Copy link
Member Author

I was told by team using Webpack that there is no general pool-proof way to detect if a project build uses Webpack. Which means we'd have no "trigger" for a potential Webpack analyzer.

So the new idea was to also create a Webpack plugin (similar to Sonatype's) that directly writes out an ORT analyzer result file, and ORT's built-in analyzer is not run at all.

@sschuberth sschuberth changed the title Add a Webpack analyzer Support analyzing JavaScript projects that use Webpack Aug 19, 2021
@sschuberth
Copy link
Member Author

Maybe leveraging https://github.com/webpack-contrib/webpack-bundle-analyzer is an option.

@sschuberth
Copy link
Member Author

Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.

@sschuberth sschuberth closed this as not planned Won't fix, can't repro, duplicate, stale Jun 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
analyzer About the analyzer tool new feature Issues that are considered to be new features
Projects
None yet
Development

No branches or pull requests

1 participant