oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0

Support analyzing JavaScript projects that use Webpack #4365

Closed sschuberth closed 4 months ago

sschuberth commented 3 years ago

Webpack is a tool that creates minimized distribution bundles for JavaScript projects, in a sense similar to creating a "FatJar" / "ShadowJar" for Java projects. We already use Webpack ourselves in the WebApp reporter (again, similar to how we use shadow JARs for the ORT CLIs).

In order to bundle only used code, Webpack builds up its own dependency graph. So instead of looking at the underlying NPM / Yarn project, we probably could look at Webpack output to get the dependency graph for only what's being bundled / distributed.

The trigger for a Webpack analyzer probably could be the presence of webpack under devDependencies, although that does not seem to cover all cases, like our very own WebApp reporter (which depends on webpack-event-plugin instead).

sschuberth commented 3 years ago

This article seems to contain some good information on the matter: https://survivejs.com/webpack/optimizing/build-analysis/

sschuberth commented 3 years ago

FYI, Sonatype offers a Webpack plugin that does something similar to bundle sources of dependencies for upload to Nexus IQ.

sschuberth commented 3 years ago

I was told by a team using Webpack that there is no general foolproof way to detect if a project build uses Webpack, which means we'd have no "trigger" for a potential Webpack analyzer.

So the new idea was to also create a Webpack plugin (similar to Sonatype's) that directly writes out an ORT analyzer result file, and ORT's built-in analyzer is not run at all.

sschuberth commented 3 years ago

Maybe leveraging https://github.com/webpack-contrib/webpack-bundle-analyzer is an option.

sschuberth commented 4 months ago

Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.