Skip to content

Commit e01fb28

Browse files
vveerrggclaude
vveerrgg
and
claude
committed
fix(deps): replace webpack with esbuild for browser bundling
Eliminates serialize-javascript RCE vulnerability (transitive via webpack → terser-webpack-plugin). IIFE format with globalName is functionally equivalent to UMD for script-tag usage. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 2824be1 commit e01fb28

6 files changed

Lines changed: 43 additions & 1623 deletions

File tree

dist/browser/nostr-websocket-utils.min.js

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/browser/nostr-websocket-utils.min.js.map

Lines changed: 7 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

esbuild.browser.mjs

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
import { build } from 'esbuild';
2+
3+
const result = await build({
4+
entryPoints: ['src/browser.ts'],
5+
bundle: true,
6+
minify: true,
7+
sourcemap: true,
8+
format: 'iife',
9+
globalName: 'NostrWebSocketUtils',
10+
outfile: 'dist/browser/nostr-websocket-utils.min.js',
11+
target: ['es2020'],
12+
platform: 'browser',
13+
metafile: true,
14+
});
15+
16+
// Print bundle size info
17+
const output = Object.entries(result.metafile.outputs)
18+
.filter(([k]) => k.endsWith('.js'))
19+
.map(([k, v]) => `${k}: ${(v.bytes / 1024).toFixed(1)}KB`);
20+
console.log('Browser bundle built:', output.join(', '));

0 commit comments

Comments
 (0)