-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support analyzing JavaScript projects that use Webpack #4365
Comments
This article seems to contain some good information on the matter: https://survivejs.com/webpack/optimizing/build-analysis/ |
FYI, Sonatype offers a Webpack plugin that does something similar to bundle sources of dependencies for upload to Nexus IQ. |
I was told by team using Webpack that there is no general pool-proof way to detect if a project build uses Webpack. Which means we'd have no "trigger" for a potential Webpack analyzer. So the new idea was to also create a Webpack plugin (similar to Sonatype's) that directly writes out an ORT analyzer result file, and ORT's built-in analyzer is not run at all. |
Maybe leveraging https://github.com/webpack-contrib/webpack-bundle-analyzer is an option. |
Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this. |
Webpack is a tool that creates minimized distribution bundles for JavaScript projects, in a sense similar to creating a "FatJar" / "ShadowJar" for Java projects. We already use Webpack ourselves in the WebApp reporter (again, similar to like we use shadow JARs for the ORT CLIs).
In order to bundle only used code, Webpack builds up its own dependency graph. So instead of looking at the underlying NPM / Yarn project, we probably could look at Webpack output to get the dependency graph for only what's being bundled / distributed.
The trigger for a Webpack analyzer probably could be the presence of the
webpack
underdevDependencies
, although that does not seem to cover all cases, like our very own WebApp reporter (which dependens onwebpack-event-plugin
) instead.The text was updated successfully, but these errors were encountered: