An externally hosted phishing warning page is now used rather than the built-in phishing warning page. The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments.

The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent.

The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation.

The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly.

New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
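The iframe behaviour described in the commit message above can be sketched as follows. This is an added example, not MetaMask's own code: the function names, the view labels and the `#hostname=...&href=...` fragment layout are assumptions made for illustration.

```javascript
// Added example, not MetaMask's code. Names, view labels and the fragment
// layout are assumptions; only the framed/top-level rule comes from the page.

// A page is framed when its own window is not the top-level window.
// If the comparison ever throws, fail closed and treat the page as framed.
function isFramed(win) {
  try {
    return win.self !== win.top;
  } catch (err) {
    return true;
  }
}

// Framed: condensed message only. Top-level: full warning with bypass control.
function chooseView(win) {
  return isFramed(win) ? 'condensed' : 'full';
}

// URL the condensed view opens in a new tab so the user sees the full warning.
function fullWarningUrl(warningPageUrl, blockedHref) {
  const blocked = new URL(blockedHref);
  const target = new URL(warningPageUrl);
  target.hash = new URLSearchParams({
    hostname: blocked.hostname,
    href: blocked.href,
  }).toString();
  return target.href;
}

// The safelist action is refused unless the page is the top-level document,
// so a click captured through an overlaying frame cannot safelist a site.
function requestBypass(win, blockedHref, safelist) {
  if (isFramed(win)) {
    return { allowed: false, reason: 'framed' };
  }
  safelist.add(new URL(blockedHref).hostname);
  return { allowed: true, reason: null };
}

// Constructed sample windows: a top-level tab and an embedded frame.
const topLevel = {};
topLevel.self = topLevel;
topLevel.top = topLevel;
const framed = { top: topLevel };
framed.self = framed;
```
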
The MetaMask Build System
tl;dr `yarn dist` for prod, `yarn start` for local development. Add `--build-type flask` to build Flask, our canary distribution with more experimental features.
This directory contains the MetaMask build system, which is used to build the MetaMask Extension such that it can be used in a supported browser.
From the repository root, the build system entry file is located at `./development/build/index.js`.
Several package scripts invoke the build system.
For example, `yarn start` creates a watched development build, and `yarn dist` creates a production build.
Some of these scripts apply `lavamoat` to the build system, and some do not.
For local development, building without `lavamoat` is faster and therefore preferable.
The build system is not a full-featured CLI, but rather a script that expects some command line arguments and environment variables. For instructions regarding environment variables, see the main repository readme.
Generally speaking, the build system consists of `gulp` tasks that either manipulate static assets or bundle source files using Browserify.
Production-ready zip files are written to the `./builds` directory, while "unpacked" extension builds are written to the `./dist` directory.
Our JavaScript source files are transformed using Babel, specifically using the `babelify` Browserify transform.
Source file bundling tasks are implemented in `./development/build/scripts.js`.
Locally implemented Browserify transforms, some of which affect how we write JavaScript, are listed and documented here.
Usage
```text
Usage: yarn build <entry-task> [options]

Commands:
  yarn build prod     Create an optimized build for production environments.
  yarn build dev      Create an unoptimized, live-reloaded build for local
                      development.
  yarn build test     Create an optimized build for running e2e tests.
  yarn build testDev  Create an unoptimized, live-reloaded build for running
                      e2e tests.

Options:
  --build-type        The "type" of build to create. One of: "beta", "flask",
                      "main"
                                                   [string] [default: "main"]
  --lint-fence-files  Whether files with code fences should be linted after
                      fences have been removed by the code fencing transform.
                      The build will fail if linting fails.
                      Defaults to `false` if the entry task is `dev` or
                      `testDev`, and `true` otherwise.
                                                [boolean] [default: <varies>]
  --lockdown          Whether to include SES lockdown files in the extension
                      bundle. Setting this to `false` is useful e.g. when
                      linking dependencies that are incompatible with lockdown.
                                                    [boolean] [default: true]
  --policy-only       Stops the build after generating the LavaMoat policy,
                      skipping any writes to disk.
                                                   [boolean] [default: false]
  --skip-stats        Whether to refrain from logging build progress. Mostly
                      used internally.
                                                   [boolean] [default: false]
```