uses the non-sync version of fs.realpath
fixes an issue with symlinked files executing multiple times
browserify#1063 browserify#1318
fixes requiring an entry from another entry
remove unused dep "deep-equal" and unused file "lib/_exclude.js"
fixes an errant space in the --no-browser-field flag alias
that kept it from working
fix tests for tap@^1.1.0 (and update tap)
housekeeping - removed unused code
remove unnecessary "isDedupe" json check. this was a hack-fix for watchify <=2.4.
fixes for the "noParse" path matcher.
add syntax check cache. this speeds up rebuilds (like when using watchify).
update to browser-pack@^5.0.0 - includes several fixes related to source maps.
Replace jsonstream with JSONStream
Replace JSONStream with jsonstream Update deps to avoid jsonstream npm case problems
browserify#1247 https://github.com/substack/node-browserify/commit/1ca71e23
ensures that entry paths are always full paths
adds --no-browser-field and opts.browserField = false behavior to turn off
the package.json browser field. This is useful if you want to make a bundle with
a target of node or some environment with shimmed node primitives.
A new alias --node sets --no-browser-field and --bare.
The ‘process’ dependency was updated to ~0.11.0, this module is inserted into bundles as the ‘process’ global/dependency. Previously, an unhandled error thrown in a ‘process.nextTick’ task would prevent any subsequent tasks from running, forever. The task queue now recovers from this condition, but may do so on a future browser tick. As part of this update, ‘process.nextTick’ now accepts variadic arguments, passed to the task, added to io.js in 1.8.1.
- Escapes JavaScript-unsafe characters from JSON. #1211
- Removes ‘-v’ shortcut for ‘--version’ (conflicted with watchify) #1222
- Updated ‘defined’, ‘punycode’, ‘module-deps’, and ‘xtend’ dependencies to reduce install size #1230
makes .require({ expose: 'name' }) and require('name') work at the same time
browserify#850 browserify#1202
fixes an issue with catching error events on the b.bundle() stream
browserify#1194 browserify#1195
republishing 9.0.5 in an attempt to satisfy npm.
sets the stream returned by bundle() to be readable-only
handles the colon better for drive paths and improves the test suite for windows users
browserify#1182 browserify#1183
fixes a problem with deduping for json files.
This caused problems for running bundle() multiple times on the same instance with caching turned on, which people reported encountering using watchify.
browserify#1101 browserify/watchify#143
fixes a bug where transforms in opts.transform were getting run twice
browserify#1124 browserify#1128
fixes exposed files persisting across bundles
updates browser-pack which uses umd 3.0.0.
This sligtly changes how --standalone $name works.
browserify/browser-pack#49 browserify#1105
Also some tidying up around handling expose that module-deps can do now:
and some fixes to regressions involving the 'package' event:
Upstream changes in resolve/browser-resolve mean that require('foo/bar') works
better with the package.json browser field. You can do something like:
{
"browser": { "./bar": "whatever.js" }
}uses / instead of \ for source map url separators on windows browserify#1096
resolves mappings from the browser field for externals
fixes an issue with resolving exposed packages relative to the basedir
browserify#1059 browserify#1039 https://github.com/daiweilu/browserify-broken-require
use [email protected], which fixes a bug in assert.deepEqual related to argument ordering, and ensures assert.deepEqual continues working in Chrome 40 and Firefox 35.
use [email protected], which adds process.umask() and a faster process.nextTick() implementation.
browserify#1018 browserify#1041
passes opts.debug through to insert-module-globals so that is can insert inline source maps for its modifications
ensures that transforms always execute in the order they were added
fixes some file path leaks in deduped deps
In previous releases, the deduping logic was over-zealous about how it handled
module references for duplicates. The prior behavior would detect when the
dependency tree of a module matched an existing module in addition to having the
exact same source code to share an instance. This was originally designed to
support libraries like threejs that internally use instanceof checks that
don't usually work very well across multiple packages. This feature didn't pan
out and didn't work very well in practice.
Later, a better way of deduping emerged after some unrelated tweaks to browser-pack to support source introspection for webworkers. The reflection form of deduping using implicit arguments is now the only kind.
The deduping instance feature resulted in this bug: browserify#1027 which created very surprising results when duplicate files were in use.
uses the new [email protected], which passes node's own buffer test suite
allows modules to be bundled with local paths and exposed at the same time
fixes the global transform getting added each re-bundle
fixes rebundling (used by watchify) when transforming
also fixes browserify#1015
Global transforms are now resolved to an absolute path before walking files. This fixes some bugs with local module versions taking precedence over global transforms and unresolvable global transforms spanning system directories.
This is a small breaking change since now transform objects live in the pipeline between the record and deps phases. This should only affect programs that expect records in the pipeline to only contain file objects.
fixes a bug setting placeholder filenames on stream inputs to be properly unique
fixes an issue with the expose property when opts.fullPaths is enabled
This issue commonly crops up in watchify.
updates regexps that test for absolute and relative paths to work better on windows
fixes ignoreTransform for the case where transforms were given in package.json as an array
uses noParse for better parity with module-deps
fixes #!shebang syntax when --bare is in effect by adding an unshebang phase to the pipeline
fixes the behavior for multiple external bundles
fixes a circular dependency issue with readable-stream
allows transforms to be ignored throughout the entire bundle
fixes a bug where module insert-module-globals would trigger too soon and conflict with other transforms
browserify#867 browserify#895 browserify#855
upgrades process to 0.8.0 browserify#906
respects opts.expose in require() browserify#907
resolves source map maths relative to the base url. This should help with more reproducible builds.
Version 6 is a tiny but breaking change to how source map paths work.
Now all source map paths are relative by default. This makes it easier to have deterministic debug builds across different systems and directories. If browserify is installed in a project-local directory, all the source map paths will be self-contained and relative against that location in node_modules.
bails early if opts.basedir is not the correct type browserify#927
exposes global browserify options to transforms under opts._flags browserify#910
fixes the array form of b.external() browserify#930
dedupe deps when fullPaths is on browserify#917 and fixes the crypto tests
adds back the array form for add() and require(), with extra places to add options
fixes ignore for relative paths in browserify#896
fixes exports across resets, which caused issues for watchify with exports browserify#892
adds an implicit dependency on the original module during dedupe browserify#880
fixes the command-line client to properly ignore paths that don't match a glob browserify#866
adds back support for .external(b) on a browserify instance b
that was dropped on the v5 refactor
buffers the record pipeline phase to start outputting after the first tick so that user plugins can capture and modify recorder output
fixes a bug with using --ignore to exclude node_modules packages on the command-line
improves the detection for --ignore
fixes bug with builtins that load json files (the 'constants' module), new 'json' pipeline label
allow optional extensions in bin/args
re-instates transforms after a reset and fixes exposing the transform events properly
makes stream entry files deterministic
adds 'package' events from module-deps when a package.json file is read
adds back the 'bundle' event and copies over options correctly to reset()
adds a note about derequire in standalone mode to the readme
fixes an error with basedir resolving plugins from names
also allows opts.plugin from the constructor like transform
passes .file on stream inputs through to transforms
browserify#744
sets require() for streams to not just be entry files
upgrades crypto-browserify to v3
updates --list to always print file paths
adds back .plugin() which was mistakenly omitted
fixes using debug and standalone at the same time browserify#750
fixes command-line versions of -u and -x browserify#821
test for --bare
fix for detectGlobals, --bare browserify#803
fixes --no-bundle-external with globals
upgrades insert-module-globals to fix browserify#834
fixes the changelog link browserify#835
adds an untracked test
At a glance:
- extensible internal labeled-stream-splicer pipeline
- bundle() - no longer accepts
opts, callback gets a buffer - b.deps(), b.pack(), opts.pack, opts.deps are gone
- can call bundle() multiple times on the same instance
- a better --noparse matcher
- id labeling integer index based instead of hash based
- derequire removed for performance reasons
- .external(bundle) has been removed (for now)
- semicolon at end of output
- hashing is gone so
expose: trueor explicit expose id is required for doing multi-export bundles
Version 5 is a big rearranging of browserify internals with more places for external code to hook into the build pipeline.
These changes are mostly aligned around the theme of making it easier for external code to interface with browserify internals in a less hacky way.
Now the core of browserify is organized into a labeled-stream-splicer pipeline. This means that user code and plugins can hook into browserify by pushing themselves onto the pipeline at a label:
var browserify = require('browserify');
var through = require('through2');
var bundle = browserify();
bundle.pipeline.get('deps').push(through.obj(function (row, enc, next) {
console.log('DEP:', row.id);
this.push(row);
next();
}));User code can remove existing transforms or add its own hooks. These are the
labeled sections you can get a handle on with bundle.pipeline.get()
'record'- save inputs to play back later on subsequentbundle()calls'deps'- module-deps'unbom'- remove byte-order markers'syntax'- check for syntax errors'sort'- sort the dependencies for deterministic bundles'dedupe'- remove duplicate source contents'label'- apply integer labels to files'emit-deps'- emit'dep'event'debug'- apply source maps'pack'- browser-pack'wrap'- apply final wrapping,require=and a newline and semicolon
Because there is now a proper pipeline, opts.pack, opts.deps, b.deps(),
and b.pack() are removed.
Big changes have been made to the bundle() function. All options have been
moved out of the bundle(opts) form and into the browserify constructor. Before
there was an unclear split between which arguments went into which function.
You can now call bundle() multiple times on the same instance, even in
parallel. This will greatly simplify the caching system under watchify and will
fix many long-standing bugs.
The callback to bundle(cb) is now called with cb(err, buf) instead of
cb(err, string) as before.
The former hashing system is removed, in favor of file paths rooted at the
opts.basedir, or the cwd.
This removal means that browserify can be much more consistent about applying integer ids, which avoids exposing system paths in bundle output.
Hashes are used internally for deduping purposes, but they operate on the source content only.
The matching logic in the --noparse feature is greatly improved.
derequire has been taken out of core, which should speed up --standalone.
reverts 4.2.2 due to breaking some existing use-cases
fixes a bug applying transforms to symlinked files by resolving the realpath first browserify#831
SECURITY NOTICE
Make sure your installation of browserify is using [email protected] or later. there was a security vulnerability where a malicious file could execute code when browserified.
The vulnerability involves breaking out of Function(), which was used to
check syntax for more informative errors. In node 0.10, Function() seems
to be implemented in terms of eval(), so malicious code can execute even
if the function returned by Function() was never called. node 0.11 does
not appear to be vulnerable.
Thanks to Cal Leeming [[email protected]] for discovering and disclosing this bug!
upgrades http-browserify, crypto-browserify, and sets more versions to float with ^ semvers
fixes a bug with transform argument handling browserify#795
upgrades browser-resolve to get opts.path fixes browserify/browser-resolve#43
upgrades resolve to fix relative NODE_PATH paths browserify/resolve#46
bumps the module-deps version to get an ordering bugfix browserify/module-deps#39 browserify#774
fixes ignoreMissing when set in the constructor browserify#785
emits the 'id' event on the correct instance browserify#780
added this document
fixes a bug in ie<=8 support for querystring browserify#764
upgrades umd to fix some issues with --standalone browserify#714
makes deps() behave more like bundle() browserify#757 and fixes global transform precedence browserify#759
upgrades the version of buffer to ^2.3.0
Here are the new breaking changes in browserify v4. Most users should be unaffected.
require('stream') is now using readable-stream (but the classic-mode shim persists in stream-browserify just like in node core). This should result in much smaller files for all modules using a similar-enough version of readable-stream as browserify itself. Other modules should be relatively unaffected.
Removal of the previously-deprecated and obscure bundle.expose().
Previously if you invoked the browserify command without any entry files as arguments and stdin was a tty, stdin would be implicitly added as an entry file. This feature was causing problems so it has been removed. browserify#724 (comment)
In the run-up to the 4.0, module-deps got an extensive rewrite with minimal test changes. Mostly it was just getting really messy because it was a giant ball-of-mud closure instead of a more straightforward prototype-based implementation with more clearly-defined methods.
The module-deps rewrite was triggered by system paths showing up in build output but was fixed in 3.46.1. The solution actually didn't end up needing changes in module-deps as originally anticipated but module-deps was in dire need of a cleanup.
fixes a bug exposing the host path of the process module in the bundle output browserify/insert-module-globals#32
allows array arguments in b.require(), b.add(), and b.external() browserify#742 from @spacepluk
renders complete stack traces where before they were getting truncated browserify#741 patch from @secoif
slims down the dependency payload by 20M browserify#736
fixes the recursion error many people were getting browserify#713 Thanks to @MattMcKegg for isolating the bug!
upgrades module-deps to 1.10.0 to make all the packageFilter dir argument pathways are consistent
lets b.transform(opts, t) args to be swapped around since opts is more common as a last argument
passes through the dir parameter in opts.packageFilter from module-deps 1.10.0 browserify#731
has an option to disable external files, making it easier to run bundles in node for code coverage browserify#672
makes --list work again browserify#727
merges a patch for piping via stdin and --require at the same time browserify#728
upgrades module-deps to fix --list for $NODE_PATH browserify#726
upgrades module-deps to get this packageTransform bugfix browserify/module-deps#32
modifies the behavior of opts.builtins to be more useful and intuitive browserify#717
adds a zlib that has parity with node browserify#721
upgrades derequire which uses esprima-fb browserify#710
adds 'close' events back to the bundle stream. This should fix some issues with watchify.
fixes a bug with through being required in the bin/cmd.js instead of through2
also reverts that require('process') thing which was mistakenly briefly put in the builtins list
gives streams2 semantics for bundle() browserify#646
fixes a dumb bug with ^ for versions that don't work in old npm clients
adds require('process') and removes the path resolution for process out of insert-module-globals
adds an empty tls stub to the builtins list browserify#703
fixes a bug with transforms not being applied in deps() browserify#708
fixes a bug with options in --global-transform on the command-line browserify#705
fixes parsing errors while maintaining es6 support by switching to esprima-fb browserify#698
should be easier to shinkwrap and install on windows browserify#684
adds --full-path and opts.fullPath to always expand ids to full paths browserify#668 (comment)
fixes a bug in the subarg argument parsing for multiple transforms browserify#678
uses process.cwd() as the default rebase target instead of commondir browserify#669 (comment)
merges browserify#669 which should help with more deterministic builds across systems
fixes parsing the --insert-global-vars argument properly browserify#674
fixes exclude globbing in the arg parser browserify#676
included a fix for --no-builtins for non-wrapped modules browserify#666
upgrades buffer for a utf8 fix browserify#656
adds globs for -u, -i, and -x browserify#654
adds relatively-resolved paths to ignored and excluded files
upgrades http-browserify to 1.3.1
now always includes the full package.json content in the 'package' event
fixes a bug with stream entry order browserify#643
adds plugins for doing super fancy things like factored bundle output https://github.com/substack/node-browserify#plugins
fixes a bug resolving transform modules when browserify is under a symlink
adds transform configuration in the package.json browserify.transform field https://github.com/substack/module-deps#packagejson-transformkey
you can pass arguments to transforms https://github.com/substack/node-browserify/blob/master/bin/advanced.txt#L67-L77
fixes a bug where the transform event didn't fire while IO was pending
fixes the transform docs
adds 'bundle' and 'transform' events https://github.com/substack/node-browserify#bonbundle-function-bundle-
upgrades derequire to 0.6.0. That should be the last piece needed for full es6 syntax support.
expands the documentation for the package.json browser and browserify.transform fields https://github.com/substack/node-browserify#packagejson
fixes generator syntax and other es6-isms in browserify browserify#614
fixes noParse, which had accidentally been disabled in the insert-module-global changes and also closes browserify#504
similar to 3.24.5, 3.24.6 fixes some error reporting propagation from the browserify command
fixes how require('buffer').Buffer wasn't the same as implicit Buffer browserify#612
fixes where the output stream didn't emit "close" in standalone mode browserify#608
fixes an issue where --standalone combined with expose caused a syntax error browserify#489
removes require() calls from --standalone so you can require() a standalone bundle again
merges this tiny fix returning this in noParse() browserify#592
merges browserify#587 which changes the source map prefix from //@ to //#
standardizes the module missing error formats to have filename, parent, and type === 'not found' fields
has a fix for the case where stdin is implicitly treated as the input stream instead of a file
3.20.0 is out: parity with how $NODE_PATH works in node browserify#593
restores support for node 0.8 by upgrading concat-stream
A new browserify version is upon us, just in time for the FESTIVE SEASON during which we in the northern hemisphere at mid to high latitudes huddle for warmth around oxidizing hydrocarbons!
There are 2 big changes in v3 but most code should be relatively unaffected.
feross forked
the buffer-browserify package
to create
native-buffer-browserify,
a Buffer implementation that uses Uint8Array to get buf[i] notation and
parity with the node core Buffer api without the performance hit of the
previous implementation and a much smaller file size. The downside is that
Buffer now only works in browsers with Uint8Array and DataView support.
All the other modules should maintain existing browser support.
Update: a shim was added
to in 3.1 for Uint8Array and DataView support. Now you can use Buffer in every
browser.
In v3, browserify no longer depends on
browser-builtins, in favor of
depending on packages directly. Instead of having some separate packages and
some files in a builtin/ directory like browser-builtins, browserify now uses
only external packages for the shims it uses. By only using external packages
we can keep browserify core focused purely on the static analysis and bundling
machinery while letting the individual packages worry about things like browser
compatibility and parity with the node core API as it evolves.
Individual, tiny packages should also be much easier for newcomers to contribute packages toward because they won't need to get up to speed with all the other pieces going on and the packages can have their own tests and documentation. Additionally, each package may find uses in other projects beside browserify more easily and if people want variations on the versions of shims that ship with browserify core this is easier to do when everything is separate.
Back when we were using browser-builtins there was a large latency between pushing out fixes to the individual packages and getting them into browserify core because we had to wait on browser-builtins to upgrade the semvers in its package.json. With direct dependencies we get much lower latency for package upgrades and much more granular control over upgrading packages.
Here is the list of packages we now directly depend on in v3:
- assert
- buffer
- console
- constants
- crypto
- events
- http
- https
- os
- path
- punycode
- querystring
- stream
- string_decoder
- timers
- tty
- url
- util
- vm
- zlib
That's it! If you're bold enough to give v3 a spin, just do:
npm install -g browserify