Merge pull request #106 from RobotlegsJS/migrate-to-terser-webpack-plugin

Migrate to terser-webpack-plugin

Author: tiagoschenkel

.prettierrc

@@ -7,6 +7,12 @@
   "trailingComma": "none",
   "bracketSpacing": true,
   "overrides": [
+    {
+      "files": "*.js",
+      "options": {
+        "tabWidth": 2
+      }
+    },
     {
       "files": "*.json",
       "options": {

CHANGELOG.md

@@ -41,6 +41,10 @@ Types of changes:
 - in case of vulnerabilities.
 -->
 
+#### Security
+
+- Migrate to [terser-webpack-plugin](https://github.com/webpack-contrib/terser-webpack-plugin) to solve security vulnerability (see #106).
+
 ## RobotlegsJS-SignalCommandMap 1.0.0
 
 ### [v1.0.2](https://github.com/RobotlegsJS/RobotlegsJS-SignalCommandMap/releases/tag/1.0.2) - 2019-10-24

package.json

@@ -77,49 +77,49 @@
     "@robotlegsjs/signals": "^1.0.3"
   },
   "devDependencies": {
-    "@istanbuljs/nyc-config-typescript": "^0.1.3",
-    "@types/bluebird": "^3.5.28",
-    "@types/chai": "^4.2.4",
-    "@types/mocha": "^5.2.7",
-    "@types/sinon": "^7.5.0",
-    "@types/webpack-env": "^1.14.1",
-    "bluebird": "^3.7.1",
+    "@istanbuljs/nyc-config-typescript": "^1.0.1",
+    "@types/bluebird": "^3.5.29",
+    "@types/chai": "^4.2.8",
+    "@types/mocha": "^7.0.1",
+    "@types/sinon": "^7.5.1",
+    "@types/webpack-env": "^1.15.1",
+    "bluebird": "^3.7.2",
     "browserify-versionify": "^1.0.6",
     "chai": "^4.2.0",
     "es6-map": "^0.1.5",
-    "es6-symbol": "^3.1.2",
+    "es6-symbol": "^3.1.3",
     "glslify": "^7.0.0",
     "imports-loader": "^0.8.0",
     "istanbul-instrumenter-loader": "^3.0.1",
     "karma": "^4.4.1",
     "karma-chrome-launcher": "^3.1.0",
-    "karma-coverage-istanbul-reporter": "^2.1.0",
+    "karma-coverage-istanbul-reporter": "^2.1.1",
     "karma-es6-shim": "^1.0.0",
     "karma-mocha": "^1.3.0",
     "karma-mocha-reporter": "^2.2.5",
     "karma-sinon-chai": "^2.0.2",
     "karma-sourcemap-loader": "^0.3.7",
     "karma-sourcemap-writer": "^0.1.2",
     "karma-webpack": "^4.0.2",
-    "mocha": "^6.2.2",
-    "nyc": "^14.1.1",
-    "prettier": "^1.18.2",
+    "mocha": "^7.0.1",
+    "nyc": "^15.0.0",
+    "prettier": "^1.19.1",
     "publish-please": "^5.5.1",
-    "puppeteer": "^2.0.0",
+    "puppeteer": "^2.1.1",
     "reflect-metadata": "^0.1.13",
-    "rimraf": "^3.0.0",
-    "sinon": "^7.5.0",
-    "sinon-chai": "^3.3.0",
-    "source-map-support": "^0.5.13",
+    "rimraf": "^3.0.2",
+    "sinon": "^8.1.1",
+    "sinon-chai": "^3.4.0",
+    "source-map-support": "^0.5.16",
+    "terser-webpack-plugin": "^2.3.4",
     "ts-loader": "^6.2.1",
-    "ts-node": "^8.4.1",
-    "tslint": "^5.20.0",
+    "ts-node": "^8.6.2",
+    "tslint": "^6.0.0",
     "tslint-config-prettier": "^1.18.0",
-    "typescript": "^3.6.4",
-    "uglifyjs-webpack-plugin": "^2.2.0",
-    "webpack": "^4.41.2",
-    "webpack-cli": "^3.3.9",
-    "webpack-dev-server": "^3.9.0"
+    "typescript": "^3.7.5",
+    "webpack": "^4.41.5",
+    "webpack-cli": "^3.3.10",
+    "webpack-dev-server": "^3.10.3"
   },
   "peerDependencies": {}
 }

webpack.config.js

@@ -1,15 +1,14 @@
 const webpack = require("webpack");
 const path = require("path");
-const UglifyJsPlugin = require("uglifyjs-webpack-plugin");
+const TerserPlugin = require("terser-webpack-plugin");
 
 module.exports = env => {
-
   if (!env) env = { production: false, karma: false };
 
   let mode = env.production ? "production" : "development";
   let tsconfig = !env.karma ? "tsconfig.json" : "tsconfig.test.json";
   let output = env.production ? "dist" : "dist-test";
-  let filename = env.karma ? "[name].[hash].js" : (env.production ? "robotlegs-signalcommandmap.min.js" : "robotlegs-signalcommandmap.js");
+  let filename = env.karma ? "[name].[hash].js" : env.production ? "robotlegs-signalcommandmap.min.js" : "robotlegs-signalcommandmap.js";
 
   return {
     mode: mode,
@@ -35,9 +34,7 @@ module.exports = env => {
           loader: "ts-loader?configFile=" + tsconfig
         },
         {
-          test: ((env.production) /* disable this loader for production builds */
-            ? /^$/
-            : /^.*(src).*\.ts$/),
+          test: env.production /* disable this loader for production builds */ ? /^$/ : /^.*(src).*\.ts$/,
           loader: "istanbul-instrumenter-loader",
           query: {
             embedSource: true
@@ -47,34 +44,27 @@ module.exports = env => {
       ]
     },
 
-    plugins: (
-      (env.production)
-        ? []
-        : [ new webpack.SourceMapDevToolPlugin({ test: /\.ts$/i }) ]
-    ),
+    plugins: env.production ? [] : [new webpack.SourceMapDevToolPlugin({ test: /\.ts$/i })],
 
-    optimization:
-      (env.production)
-        ? {
-            concatenateModules: true,
-            minimize: true,
-            minimizer: [
-              new UglifyJsPlugin({
-                cache: true,
-                parallel: 4,
-                uglifyOptions: {
-                  output: {
-                    comments: false
-                  }
+    optimization: env.production
+      ? {
+          concatenateModules: true,
+          minimize: true,
+          minimizer: [
+            new TerserPlugin({
+              cache: true,
+              parallel: 4,
+              terserOptions: {
+                output: {
+                  comments: false
                 }
-              })
-            ]
-          }
-        : {}
-    ,
-
+              }
+            })
+          ]
+        }
+      : {},
     resolve: {
       extensions: [".ts", ".js", ".json"]
     }
-  }
+  };
 };