{"id":15542,"library":"bit-bundler-service","title":"Bit-Bundler Service","description":"bit-bundler-service is a standalone web service, currently at version 2.0.0, that exposes a GraphQL API for bundling JavaScript modules. It allows users to specify npm modules, optionally with versions, which are then bundled, minified, and provided with sourcemaps. Key goals for this experimental project included bundling GitHub projects, bundle splitting, Babel integration, and providing hypermedia responses and webhooks. The service offers a GraphQL interface to create and retrieve these bundles, aiming to simplify the module bundling process via an API. The project README indicates it's an experiment, suggesting a non-active release cadence and a focus on exploring GraphQL integration with bit-bundler rather than robust production deployment.","status":"abandoned","version":"2.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/MiguelCastillo/bit-bundler-service","tags":["javascript"],"install":[{"cmd":"npm install bit-bundler-service","lang":"bash","label":"npm"},{"cmd":"yarn add bit-bundler-service","lang":"bash","label":"yarn"},{"cmd":"pnpm add bit-bundler-service","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is a standalone web service with a GraphQL API. It is not designed for programmatic import as a library into other Node.js applications. Functionality is accessed by making HTTP requests to its GraphQL endpoint.","wrong":"import BitBundlerService from 'bit-bundler-service';","symbol":"Service Interaction (General)","correct":"// Interact via HTTP POST requests to http://localhost:4000/graphql"},{"note":"The 'createBundle' function is part of the GraphQL API schema. It is invoked by sending a GraphQL query to the service's endpoint, not by importing a function from the package.","wrong":"import { createBundle } from 'bit-bundler-service';","symbol":"createBundle (GraphQL Operation)","correct":"const query = `query bundler($modules: [Module]) { bundler { createBundle(modules: $modules) } }`; /* ... then POST to /graphql with variables */"},{"note":"Similar to 'createBundle', 'getBundle' is a GraphQL operation. Access its capabilities by constructing and sending the appropriate GraphQL query over HTTP.","wrong":"import { getBundle } from 'bit-bundler-service';","symbol":"getBundle (GraphQL Operation)","correct":"const query = `query getBundle { bundler { getBundle(id: \"BUNDLE_ID\") { hash, bundle, sourcemap } } }`; /* ... then POST to /graphql */"}],"quickstart":{"code":"npm install # In the cloned bit-bundler-service directory\n\n# Start the service with GraphiQL enabled for easy testing\nDEBUG=true node index.js &\n\n# Wait for the server to start, then make a GraphQL request\n# (e.g., using curl or a GraphQL client like Insomnia/GraphiQL)\n\n# Example GraphQL Query (save as createBundle.graphql):\n// query bundler($modules: [Module]) {\n//   bundler {\n//     createBundle(modules: $modules)\n//   }\n// }\n\n# Example GraphQL Variables (save as createBundleVariables.json):\n// {\n//   \"modules\": [\n//     {\n//       \"name\": \"spromise\",\n//       \"version\": \"^1.0.0\"\n//     },\n//     {\n//       \"name\": \"lodash.get\",\n//       \"version\": \"^4.4.2\"\n//     }\n//   ]\n// }\n\n# Send the request to create a bundle\ncurl -X POST -H \"Content-Type: application/json\" \\\n  --data '{\"query\": \"query bundler($modules: [Module]) { bundler { createBundle(modules: $modules) } }\", \"variables\": { \"modules\": [ { \"name\": \"spromise\", \"version\": \"^1.0.0\" }, { \"name\": \"lodash.get\", \"version\": \"^4.4.2\" } ] } }' \\\n  http://localhost:4000/graphql\n\n# The response will contain a bundle ID. Use it to retrieve the bundle:\n# Assuming 'BUNDLE_ID' is the ID returned from createBundle (e.g., e91671086147d525a5887479b9ad6bfd02f0d1ad)\ncurl -X POST -H \"Content-Type: application/json\" \\\n  --data '{\"query\": \"query getBundle { bundler { getBundle(id: \\\"e91671086147d525a5887479b9ad6bfd02f0d1ad\\\") { hash, bundle, sourcemap } } }\"}' \\\n  http://localhost:4000/graphql\n","lang":"javascript","description":"This quickstart demonstrates how to set up and run the bit-bundler-service locally, then interact with its GraphQL API to create and retrieve a bundled JavaScript module. It shows how to pass module details to `createBundle` and then fetch the resulting bundle using its ID."},"warnings":[{"fix":"Do not use this package for production environments. Consider actively maintained and production-ready bundlers or build services.","message":"This project is explicitly tagged as an 'experiment' in its README. It is not intended for production use and may not be actively maintained or receive security updates. Relying on it for critical applications is strongly discouraged.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"While `npm install` might proceed, direct execution `node index.js` on recent Node.js versions might fail due to deprecated APIs or syntax. Running an ancient Node.js v6 is a major security risk. No direct fix is available without source code modifications.","message":"The package's `engines.node` specifies `>=6`, which is an extremely outdated Node.js version. Running this service on modern Node.js versions may lead to compatibility issues or failures. It also implies a lack of recent security updates for the runtime environment itself.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"If deploying, implement robust security sandboxing, input validation, and whitelist modules and versions, or run in an isolated environment where bundle execution cannot compromise the host system.","message":"The service allows bundling arbitrary npm modules specified by name and version. Without proper sandboxing and security measures, this could be a severe supply chain vulnerability if malicious module names or versions are requested.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-21T00:00:00.000Z","next_check":"2026-07-20T00:00:00.000Z","problems":[{"fix":"Ensure Node.js v6 is used, as specified in `engines.node`. However, using such an old Node.js version is a major security risk. A more viable fix would involve updating the service's source code to be compatible with a modern Node.js runtime.","cause":"Attempting to run the service with an incompatible or outdated Node.js version, or missing environmental setup for core dependencies.","error":"Error: The 'node' argument must be of type string. Received an instance of [object Undefined]"},{"fix":"Specify a different port using the `PORT` environment variable: `PORT=8080 node index.js`","cause":"The default port (4000) for the service is already in use by another application.","error":"Error: listen EADDRINUSE :::4000"},{"fix":"Ensure your HTTP POST request to `/graphql` includes a JSON body with a `query` field containing a valid GraphQL query string. When using `curl`, escape double quotes appropriately.","cause":"The GraphQL API was called without a valid query or mutation in the request body, or with an improperly formatted request.","error":"Error: Must provide document for GraphQL request."}],"ecosystem":"npm"}