Webpack 3 and other perks (#473)

* Update deps and fix security for font source

* Add scope hoisting plugin

* Update nvmrc to latest LTS version

* remove unecessary config

* optimize webpack config

* fix config eslintrc following new structure

* Move scope hoisting feature to prod build

* upgrade lint staged

Author: diondirza

.eslintrc

@@ -7,8 +7,12 @@
     "node": true,
     "jest": true
   },
-  "ecmaFeatures": {
-    "defaultParams": true
+  "parserOptions": {
+    "ecmaVersion": 6,
+    "sourceType": "module",
+    "ecmaFeatures": {
+      "defaultParams": true
+    }
   },
   "rules": {
     // A jsx extension is not required for files containing jsx

.nvmrc

@@ -1 +1 @@
-v6.11.0
+v6.11.1

config/values.js

@@ -73,7 +73,8 @@ const values = {
   htmlPage: {
     titleTemplate: 'React, Universally - %s',
     defaultTitle: 'React, Universally',
-    description: 'A starter kit giving you the minimum requirements for a production ready universal react application.',
+    description:
+      'A starter kit giving you the minimum requirements for a production ready universal react application.',
   },
 
   // Content Security Policy (CSP)
@@ -112,24 +113,6 @@ const values = {
   // These extensions are tried when resolving src files for our bundles..
   bundleSrcTypes: ['js', 'jsx', 'json'],
 
-  // Additional asset types to be supported for our bundles.
-  // i.e. you can import the following file types within your source and the
-  // webpack bundling process will bundle them with your source and create
-  // URLs for them that can be resolved at runtime.
-  bundleAssetTypes: [
-    'jpg',
-    'jpeg',
-    'png',
-    'gif',
-    'ico',
-    'eot',
-    'svg',
-    'ttf',
-    'woff',
-    'woff2',
-    'otf',
-  ],
-
   // What should we name the json output file that webpack generates
   // containing details of all output files for a bundle?
   bundleAssetsFileName: 'assets.json',

internal/webpack/configFactory.js

@@ -45,14 +45,17 @@ export default function webpackConfigFactory(buildOptions) {
   const ifProdClient = ifElse(isProd && isClient);
 
   console.log(
-    `==> Creating ${isProd ? 'an optimised' : 'a development'} bundle configuration for the "${target}"`,
+    `==> Creating ${isProd
+      ? 'an optimised'
+      : 'a development'} bundle configuration for the "${target}"`,
   );
 
-  const bundleConfig = isServer || isClient
-    ? // This is either our "server" or "client" bundle.
-      config(['bundles', target])
-    : // Otherwise it must be an additional node bundle.
-      config(['additionalNodeBundles', target]);
+  const bundleConfig =
+    isServer || isClient
+      ? // This is either our "server" or "client" bundle.
+        config(['bundles', target])
+      : // Otherwise it must be an additional node bundle.
+        config(['additionalNodeBundles', target]);
 
   if (!bundleConfig) {
     throw new Error('No bundle configuration exists for target:', target);
@@ -75,7 +78,9 @@ export default function webpackConfigFactory(buildOptions) {
         // Required to support hot reloading of our client.
         ifDevClient(
           () =>
-            `webpack-hot-middleware/client?reload=true&path=http://${config('host')}:${config('clientDevServerPort')}/__webpack_hmr`,
+            `webpack-hot-middleware/client?reload=true&path=http://${config('host')}:${config(
+              'clientDevServerPort',
+            )}/__webpack_hmr`,
         ),
         // The source entry file for the bundle.
         path.resolve(appRootDir.get(), bundleConfig.srcEntryFile),
@@ -109,7 +114,9 @@ export default function webpackConfigFactory(buildOptions) {
       publicPath: ifDev(
         // As we run a seperate development server for our client and server
         // bundles we need to use an absolute http path for the public path.
-        `http://${config('host')}:${config('clientDevServerPort')}${config('bundles.client.webPath')}`,
+        `http://${config('host')}:${config('clientDevServerPort')}${config(
+          'bundles.client.webPath',
+        )}`,
         // Otherwise we expect our bundled client to be served from this path.
         bundleConfig.webPath,
       ),
@@ -212,6 +219,11 @@ export default function webpackConfigFactory(buildOptions) {
           }),
       ),
 
+      // Implement webpack 3 scope hoisting that will remove function wrappers
+      // around your modules you may see some small size improvements. However,
+      // the significant improvement will be how fast the JavaScript loads in the browser.
+      ifProdClient(new webpack.optimize.ModuleConcatenationPlugin()),
+
       // We use this so that our generated [chunkhash]'s are only different if
       // the content for our respective chunks have changed.  This optimises
       // our long term browser caching strategy for our client bundle, avoiding
@@ -420,95 +432,109 @@ export default function webpackConfigFactory(buildOptions) {
       // -----------------------------------------------------------------------
     ]),
     module: {
-      rules: removeNil([
-        // JAVASCRIPT
+      // Use strict export presence so that a missing export becomes a compile error.
+      strictExportPresence: true,
+      rules: [
         {
-          test: /\.jsx?$/,
-          // We will defer all our js processing to the happypack plugin
-          // named "happypack-javascript".
-          // See the respective plugin within the plugins section for full
-          // details on what loader is being implemented.
-          loader: 'happypack/loader?id=happypack-javascript',
-          include: removeNil([
-            ...bundleConfig.srcPaths.map(srcPath => path.resolve(appRootDir.get(), srcPath)),
-            ifProdClient(path.resolve(appRootDir.get(), 'src/html')),
-          ]),
-        },
-
-        // CSS
-        // This is bound to our server/client bundles as we only expect to be
-        // serving the client bundle as a Single Page Application through the
-        // server.
-        ifElse(isClient || isServer)(
-          mergeDeep(
+          // "oneOf" will traverse all imports with following loaders until one will
+          // match the requirements. When no loader matches it will fallback to the
+          // "file" loader at the end of the loader list.
+          oneOf: removeNil([
+            // JAVASCRIPT
             {
-              test: /\.css$/,
+              test: /\.jsx?$/,
+              // We will defer all our js processing to the happypack plugin
+              // named "happypack-javascript".
+              // See the respective plugin within the plugins section for full
+              // details on what loader is being implemented.
+              loader: 'happypack/loader?id=happypack-javascript',
+              include: removeNil([
+                ...bundleConfig.srcPaths.map(srcPath => path.resolve(appRootDir.get(), srcPath)),
+                ifProdClient(path.resolve(appRootDir.get(), 'src/html')),
+              ]),
             },
-            // For development clients we will defer all our css processing to the
-            // happypack plugin named "happypack-devclient-css".
-            // See the respective plugin within the plugins section for full
-            // details on what loader is being implemented.
-            ifDevClient({
-              loaders: ['happypack/loader?id=happypack-devclient-css'],
+
+            // CSS
+            // This is bound to our server/client bundles as we only expect to be
+            // serving the client bundle as a Single Page Application through the
+            // server.
+            ifElse(isClient || isServer)(
+              mergeDeep(
+                {
+                  test: /\.css$/,
+                },
+                // For development clients we will defer all our css processing to the
+                // happypack plugin named "happypack-devclient-css".
+                // See the respective plugin within the plugins section for full
+                // details on what loader is being implemented.
+                ifDevClient({
+                  loaders: ['happypack/loader?id=happypack-devclient-css'],
+                }),
+                // For a production client build we use the ExtractTextPlugin which
+                // will extract our CSS into CSS files. We don't use happypack here
+                // as there are some edge cases where it fails when used within
+                // an ExtractTextPlugin instance.
+                // Note: The ExtractTextPlugin needs to be registered within the
+                // plugins section too.
+                ifProdClient(() => ({
+                  loader: ExtractTextPlugin.extract({
+                    fallback: 'style-loader',
+                    use: ['css-loader'],
+                  }),
+                })),
+                // When targetting the server we use the "/locals" version of the
+                // css loader, as we don't need any css files for the server.
+                ifNode({
+                  loaders: ['css-loader/locals'],
+                }),
+              ),
+            ),
+
+            // MODERNIZR
+            // This allows you to do feature detection.
+            // @see https://modernizr.com/docs
+            // @see https://github.com/peerigon/modernizr-loader
+            ifClient({
+              test: /\.modernizrrc.js$/,
+              loader: 'modernizr-loader',
             }),
-            // For a production client build we use the ExtractTextPlugin which
-            // will extract our CSS into CSS files. We don't use happypack here
-            // as there are some edge cases where it fails when used within
-            // an ExtractTextPlugin instance.
-            // Note: The ExtractTextPlugin needs to be registered within the
-            // plugins section too.
-            ifProdClient(() => ({
-              loader: ExtractTextPlugin.extract({
-                fallback: 'style-loader',
-                use: ['css-loader'],
-              }),
-            })),
-            // When targetting the server we use the "/locals" version of the
-            // css loader, as we don't need any css files for the server.
-            ifNode({
-              loaders: ['css-loader/locals'],
+            ifClient({
+              test: /\.modernizrrc(\.json)?$/,
+              loader: 'modernizr-loader!json-loader',
             }),
-          ),
-        ),
 
-        // ASSETS (Images/Fonts/etc)
-        // This is bound to our server/client bundles as we only expect to be
-        // serving the client bundle as a Single Page Application through the
-        // server.
-        ifElse(isClient || isServer)(() => ({
-          test: new RegExp(`\\.(${config('bundleAssetTypes').join('|')})$`, 'i'),
-          loader: 'file-loader',
-          query: {
-            // What is the web path that the client bundle will be served from?
-            // The same value has to be used for both the client and the
-            // server bundles in order to ensure that SSR paths match the
-            // paths used on the client.
-            publicPath: isDev
-              ? // When running in dev mode the client bundle runs on a
-                // seperate port so we need to put an absolute path here.
-                `http://${config('host')}:${config('clientDevServerPort')}${config('bundles.client.webPath')}`
-              : // Otherwise we just use the configured web path for the client.
-                config('bundles.client.webPath'),
-            // We only emit files when building a web bundle, for the server
-            // bundle we only care about the file loader being able to create
-            // the correct asset URLs.
-            emitFile: isClient,
-          },
-        })),
-
-        // MODERNIZR
-        // This allows you to do feature detection.
-        // @see https://modernizr.com/docs
-        // @see https://github.com/peerigon/modernizr-loader
-        ifClient({
-          test: /\.modernizrrc.js$/,
-          loader: 'modernizr-loader',
-        }),
-        ifClient({
-          test: /\.modernizrrc(\.json)?$/,
-          loader: 'modernizr-loader!json-loader',
-        }),
-      ]),
+            // ASSETS (Images/Fonts/etc)
+            // This is bound to our server/client bundles as we only expect to be
+            // serving the client bundle as a Single Page Application through the
+            // server.
+            ifElse(isClient || isServer)(() => ({
+              loader: 'file-loader',
+              exclude: [/\.js$/, /\.html$/, /\.json$/],
+              query: {
+                // What is the web path that the client bundle will be served from?
+                // The same value has to be used for both the client and the
+                // server bundles in order to ensure that SSR paths match the
+                // paths used on the client.
+                publicPath: isDev
+                  ? // When running in dev mode the client bundle runs on a
+                    // seperate port so we need to put an absolute path here.
+                    `http://${config('host')}:${config('clientDevServerPort')}${config(
+                      'bundles.client.webPath',
+                    )}`
+                  : // Otherwise we just use the configured web path for the client.
+                    config('bundles.client.webPath'),
+                // We only emit files when building a web bundle, for the server
+                // bundle we only care about the file loader being able to create
+                // the correct asset URLs.
+                emitFile: isClient,
+              },
+            })),
+
+            // Do not add any loader after file loader (fallback loader)
+            // Make sure to add the new loader(s) before the "file" loader.
+          ]),
+        },
+      ],
     },
   };
 

package-lock.json

@@ -60,23 +60,23 @@
   "dependencies": {
     "app-root-dir": "1.0.2",
     "colors": "1.1.2",
-    "compression": "1.6.2",
+    "compression": "1.7.0",
     "cross-env": "5.0.1",
     "dotenv": "4.0.0",
     "express": "4.15.3",
     "helmet": "3.6.1",
     "hpp": "0.2.2",
     "modernizr": "3.5.0",
-    "normalize.css": "6.0.0",
-    "offline-plugin": "4.8.1",
+    "normalize.css": "7.0.0",
+    "offline-plugin": "4.8.3",
     "prop-types": "15.5.10",
     "react": "15.6.1",
     "react-async-bootstrapper": "1.1.1",
     "react-async-component": "1.0.0-beta.3",
     "react-dom": "15.6.1",
     "react-helmet": "5.1.3",
-    "react-router-dom": "4.1.1",
-    "serialize-javascript": "1.3.0",
+    "react-router-dom": "4.1.2",
+    "serialize-javascript": "1.4.0",
     "uuid": "3.1.0"
   },
   "devDependencies": {
@@ -101,21 +101,21 @@
     "enzyme-to-json": "1.5.1",
     "eslint": "3.19.0",
     "eslint-config-airbnb": "15.0.2",
-    "eslint-plugin-import": "2.6.1",
+    "eslint-plugin-import": "2.7.0",
     "eslint-plugin-jsx-a11y": "5.1.1",
     "eslint-plugin-react": "7.1.0",
-    "extract-text-webpack-plugin": "2.1.2",
+    "extract-text-webpack-plugin": "3.0.0",
     "file-loader": "0.11.2",
     "glob": "7.1.2",
     "happypack": "3.0.3",
     "html-webpack-plugin": "2.29.0",
     "husky": "0.14.3",
     "jest": "20.0.4",
-    "lint-staged": "4.0.1",
+    "lint-staged": "4.0.2",
     "md5": "2.2.1",
     "modernizr-loader": "1.0.1",
     "node-notifier": "5.1.2",
-    "prettier": "1.5.2",
+    "prettier": "1.5.3",
     "prettier-eslint": "6.4.2",
     "prettier-eslint-cli": "4.1.1",
     "react-addons-test-utils": "15.6.0",
@@ -125,11 +125,11 @@
     "rimraf": "2.6.1",
     "semver": "5.3.0",
     "source-map-support": "0.4.15",
-    "style-loader": "0.16.1",
-    "webpack": "2.6.1",
-    "webpack-bundle-analyzer": "2.8.2",
+    "style-loader": "0.18.2",
+    "webpack": "3.3.0",
+    "webpack-bundle-analyzer": "2.8.3",
     "webpack-dev-middleware": "1.11.0",
-    "webpack-hot-middleware": "2.18.1",
+    "webpack-hot-middleware": "2.18.2",
     "webpack-md5-hash": "0.0.5",
     "webpack-node-externals": "1.6.0"
   }

package.json

@@ -17,7 +17,7 @@ const cspConfig = {
       // need the following:
       // 'data:',
     ],
-    fontSrc: ["'self'"],
+    fontSrc: ["'self'", 'data:'],
     objectSrc: ["'self'"],
     mediaSrc: ["'self'"],
     manifestSrc: ["'self'"],