{"id":44022032,"url":"https://github.com/networkteam/nwt-frontend-scripts","last_synced_at":"2026-02-07T16:36:13.109Z","repository":{"id":33225002,"uuid":"153617164","full_name":"networkteam/nwt-frontend-scripts","owner":"networkteam","description":"Toolchain to build frontend assets","archived":false,"fork":false,"pushed_at":"2023-01-08T12:37:59.000Z","size":1088,"stargazers_count":0,"open_issues_count":7,"forks_count":2,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-09-01T04:39:26.871Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/networkteam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-18T12:04:16.000Z","updated_at":"2021-12-07T11:02:41.000Z","dependencies_parsed_at":"2023-01-15T00:00:23.409Z","dependency_job_id":null,"html_url":"https://github.com/networkteam/nwt-frontend-scripts","commit_stats":null,"previous_names":[],"tags_count":46,"template":false,"template_full_name":null,"purl":"pkg:github/networkteam/nwt-frontend-scripts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkteam%2Fnwt-frontend-scripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkteam%2Fnwt-frontend-scripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkteam%2Fnwt-frontend-scripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkteam%2Fnwt-frontend-scripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/networkteam","download_url":"https://codeload.github.com/networkteam/nwt-frontend-scripts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkteam%2Fnwt-frontend-scripts/sbom","scorecard":{"id":681218,"data":{"date":"2025-08-11","repo":{"name":"github.com/networkteam/nwt-frontend-scripts","commit":"ec65f890750372ea11167af5fd8ce2cb7c4a52d6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Code-Review","score":4,"reason":"Found 6/13 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release-next.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-next.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/networkteam/nwt-frontend-scripts/release-next.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-next.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/networkteam/nwt-frontend-scripts/release-next.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/networkteam/nwt-frontend-scripts/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/networkteam/nwt-frontend-scripts/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/networkteam/nwt-frontend-scripts/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/networkteam/nwt-frontend-scripts/test.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"35 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg","Warn: Project is vulnerable to: GHSA-crh6-fp67-6883","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h","Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T23:13:36.147Z","repository_id":33225002,"created_at":"2025-08-21T23:13:36.147Z","updated_at":"2025-08-21T23:13:36.147Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29199916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T16:28:23.579Z","status":"ssl_error","status_checked_at":"2026-02-07T16:28:22.566Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-07T16:36:13.042Z","updated_at":"2026-02-07T16:36:13.100Z","avatar_url":"https://github.com/networkteam.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nwt-frontend-scripts\nA webpack based workflow to create frontend-assets.\n\n## Features\n* Browser-Ready Javascript from ESNext-Modules\n* CSS-Generation from SCSS with autoprefixer\n* Icon-Sprite Generation from SVG files\n* Asset-Resolver and copier\n\n## Getting started\n\nTo use this workflow in your projects, install the package with npm or yarn\n\n```bash\nnpm install @networkteam/frontend-scripts\n```\n\nDefine variables in your `package.json`:\n\n```json\n{\n  \"basePackageName\": \"Customer.Base\",\n  \"sitePackageName\": \"Customer.Site\"\n}\n```\n\n\u003e Alternatively set the variables `BASE_PACKAGE_NAME` and `SITE_PACKAGE_NAME` in an .env file in the directory of your package.json. This is mandatory when using workspaces in a monorepo as package-variables are not always available in the workspace.\n\nCopy the scripts to your package.json:\n\n```json\n  \"scripts\": {\n    \"build\": \"npm run webpack\",\n    \"build:dev\": \"npm run webpack:dev\",\n    \"start\": \"npm run webpack:watch\",\n    \"test\": \"npm run webpack:test\",\n    \"test-watch\": \"npm run webpack:test-watch\",\n    \"webpack\": \"networkteam-asset-build prod\",\n    \"webpack:dev\": \"networkteam-asset-build dev\",\n    \"webpack:watch\": \"networkteam-asset-build watch\",\n    \"webpack:test\": \"networkteam-asset-build test\",\n    \"webpack:test-watch\": \"networkteam-asset-build test-watch\"\n  },\n```\n\nWebpack relies on four entry points to generate JS and CSS Assets:\n\n* header.js: %PROJECTROOT%/Resources/Private/Javascript/header.js\n* footer.js: %PROJECTROOT%/Resources/Private/Javascript/footer.js\n* main.css: %PROJECTROOT%/Resources/Private/Scss/main.scss\n* print.css: %PROJECTROOT%/Resources/Private/Scss/print.scss\n\nStart the npm task:\n\n```bash\nnpm start // file watcher with hot reload\nnpm run build:dev // Development build\nnpm run build // Production build\nnpm run test // Testing with code coverage recap\nnpm run test-watch // Run watcher for TDD\n```\n\n**Note:** Webpack generates a JS-File for every entry point including JS-Files. This will be improved in future Versions of webpack\n\nThe generated files will be copied to `%PROJECTROOT%/Resources/Public/Dist` including the assets used in CSS (e.g. bg-images or fonts). The paths for the CSS Assets are automatically corrected to the new path by webpack.\n\n## Using Aliases\n\nThis workflow automatically provides aliases for an easier import from different folders:\n\n* **rootPath**: The root folder of your project\n* **baseJavascript**: Javascript components from base package (%BASEROOT%/Resources/Private/Javascript)\n* **baseStyles**: Styles from basePackage (%BASEROOT%/Resources/Private/Scss use e.g `~baseStyles/main` to import main.scss)\n* **modernizr**: Auto-Generated modernizr file (see below)\n\n## Icon Sprite\n\nEvery SVG-File located in `%BASEROOT%/Resources/Private/Icons` will be included in an automatically generated Svgsprite. The sprite itself will be stored in `%BASEROOT%/Resources/Public/Dist` and a SCSS-File can be found in `%BASEROOT%/Resources/Private/Scss/_sprite.scss`. This SCSS-File includes the mixins to use the icon on every element (`@include sprite(%FILENAME%)`) although this way is not encouraged due to repeated server requests.\n\nTo prevent Iconsprite from being built, use the `--noIconSprite` flag in your npm scripts. This might be useful when on projects where you don't want to do that for each build.\n\n## Live Reloading\n\nHot or live reloading is supported by default in development mode. In certain projects it makes sense to disable live reloading and refresh the view manually (e.g. in forms).\n\nTo disable live reloading, use the `--noLivereload` flag in your npm scripts.\n\n## Environment Variables\n\nBy default the scripts pass two environment variables to use in your code: NODE_ENV and CUSTOMER_NAME, that can be accessed via process.env. If you need additional variables e.g. to define an api endpoint, you have to prefix this variable with `NWT_APP_`.\n\n```\n.env\n\nNWT_APP_ENDPOINT = http://localhost:3000\n\napi.js\nconst endpoint = process.env.NWT_APP_ENDPOINT\n```\n\n## Add own configuration\n\nIf you need a special configuration for your Project, you can add a custom webpack.js to your project root. It will be included automatically:\n\n```Javascript\nmodule.exports = function(env, args) {\n  return {\n      output: {\n          path: newOutputPath\n      }\n  };\n};\n```\n\nIf you want to adapt predefined rules and merge them to one, you may do so by matching `test`-expression:\n\n```Javascript\nmodule.exports = function(env, args) {\n  return {\n    module: {\n      rules: [\n        {\n          test: /\\.(sass|scss)$/,  // use same expression used by plugin to merge\n          ...\n        }\n      ]\n    },\n  };\n};\n```\n\nTo remove entry points from webpack, you can set them to null in your own configuration\n\nWhen a plugin is defined in custom webpack config that is already defined in common.webpack.js it is treated as one plugin that takes the default config and merges config of custom Webpack-Plugin deeply into it. Deeply merging class constructors only goes so far. If a default value of any used plugin in custom webpack config is initialized then it will overwrite the value defined in default config.\n\n## Using modernizr\n\nBy default a modernizr custom build is generated with `setclasses` option and can be imported via\n\n```Javascript\nimport Modernizr from 'modernizr'; // as named import\nimport 'modernizr'; // direct import\n```\n\nTo extend the configuration and add tests and feature detections, create a `.modernizrrc` in your Project Root:\n\n```Javascript\nmodule.exports = {\n  \"feature-detects\": [\n    \"test/css/flexbox\",\n    \"test/es6/promises\",\n    \"test/serviceworker\"\n  ]\n};\n```\n\n[See full configuration possibilities](https://github.com/Modernizr/Modernizr/blob/master/lib/config-all.json)\n\n## Usage in standalone projects\n\nThe scripts are designed to work with a Neos or Typo3 folder structure, for the most parts it is also possible to use them in other projects. Therefore you have to define your base- and site-package as `.` in your package.json\n\n```json\n{\n  \"basePackageName\": \".\",\n  \"sitePackageName\": \".\"\n}\n```\n\n\nAdditionally you have to turn off the icon sprite generator, because it relies on a specific place, where the icons are stored. E.g. in your package.json.\n\n\n```json\n  \"scripts\": {\n    \"build\": \"npm run webpack --noIconSprite\",\n  },\n```\n\nAlso, you might want to change the entry points and output paths via a custom webpack configuration (see above)\n\n```javascript\nmodule.exports = function () {\n  return {\n    entry: {\n      header: null,\n      footer: null,\n      main: \"./src/index.js\",\n      print: null,\n    },\n    output: {\n      path: './dist'\n    },\n  };\n};\n```\n\n## Testing\n\nFor unit testing create a file `${your-filename}.test.js` within your javascript folder.\nWebpack will watch for files within the javascript directory ending on `*.test.js`.\nRun your tests by simply start `npm run test`.\n\nIf you want to test with the BDD approach, you can start the script with `npm run test-watch`.\nThis will reload the tests with every save.\n\nWe use `chai` as assertion and `sinon` as mocking library.\nWithin the testing environment you have access to the following global variables:\n  * `chai`\n  * `sinon`\n  * `expect` - the `chai.expect`\n  * `assert` - the `chai.assert`\n  * `sandbox` - the `sinon.sandbox`\n\nYou can also use `window` and `document`, as usual.\n\nHere you get more information about [Sinon](https://sinonjs.org/) and [Chai - BDD](https://www.chaijs.com/api/bdd/)\n\n**Example:**\n```js\n// Resources/Private/Javscript/Custom/Component/ComponentToTest.test.js\n\n/*global describe, it, beforeEach, afterEach, sandbox*/\nimport ComponentToTest from './ComponentToTest';\n\ndescribe('ComponentToTest', () =\u003e {\n  let component = null;\n  beforeEach(done =\u003e {\n    component = new ComponentToTest();\n    // do some stuff before each testing step\n    document.body.innerHTML = '\u003cdiv id=\"myContainer\"\u003e\u003c/\u003cdiv\u003e';\n    done();\n  });\n\n  afterEach(done =\u003e {\n    // do some stuff after each testing step\n    document.body.innerHTMl = '';\n    done();\n  });\n\n    describe('some tests with special attributes', () =\u003e {\n      it('it should do something', done =\u003e {\n        // do something with \u003ccomponent\u003e\n        component.initialize();\n\n        // do some expectations concerning \u003ccomponent\u003e.\n        expect(component).to.have.property('initialized').equals(true);\n        done();\n      });\n    });\n  }\n}\n```\n\n\n## Release a new version:\n\n### Pre-releases\n\nTo create a pre-release one can push/merge changes to branch `next`. This triggers actions to automatically create a pre-release.\nUse `@next` as version in your project package.json to use the current pre-release.\n\n### Releases\n\n1. Merge your branch/changes into main branch\n2. Bump version in package.json with `npm version [\u003cnewversion\u003e | major | minor | patch`\n3. Push bumped version including new tag to `main` branch with `git push --tags`\n4. Create a new release with release notes from newly created tag on github\n5. The new release will trigger GitHub Actions for automatically publishing to NPM\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkteam%2Fnwt-frontend-scripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetworkteam%2Fnwt-frontend-scripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkteam%2Fnwt-frontend-scripts/lists"}