Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@contrast/require-hook
Advanced tools
@contrast/require-hook
Intercept calls to require in order to modify or replace exports.
Usage
Class: RequireHook
Instantiation
const RequireHook = require('./lib');
const requireHook = new RequireHook();
The RequireHook constructor accepts a pino
logger as an argument.
.resolve(descriptor, ...handlers)
Options:
-
descriptor: This can be a string or an object describing the module you want to intercept. If a string is used, or if the version field of the descriptor isn't set, all versions of the described module will be matched. Descriptors can have aname,version, andfileproperty. -
handlers: The remaning arguments are the handlers which will be invoked when the described module isrequire'd. Each handler is passed the exported module and metadata including the module's root directory and its name and version as seen in itspackage.jsonfile. If a handler returns a truthy value, then that value will replace the return value ofrequire.
Note: Registered handlers run once per unique instance of an export matching a descriptor.
.install()
This will monkey-patch Module.prototype.require so that exports can be
intercepted. The monkey-patching will only happen once regardless of how many
times this is invoked.
.uninstall()
This will reset Module.prototype.require to its value before being
monkey-patched by the instance.
Examples
Use case: For express versions greater than or equal to 4, intercept the
export of the package's lib/view.js file (relative to the package's base
directory) and apply a tag to the exported function.
const RequireHook = require('./lib');
const requireHook = new RequireHook();
requireHook.resolve(
{
name: 'express',
version: '>=4',
file: 'lib/view.js',
},
(xport, metadata) => {
// Read from the package.json:
// - metadata.name
// - metadata.version
// Absolute path to file:
// - metadata.packageDir
// xport === function View() { /*...*/ }
xport['I was intercepted'] = true;
},
);
Use case: Intercept all versions of body-parser and replace the exported
functions.
const RequireHook = require('./lib');
const requireHook = new RequireHook();
requireHook.resolve({ name: 'body-parser' }, (xport, metadata) => {
// Read from the package.json:
// - metadata.name
// - metadata.version
// Absolute path to file:
// - metadata.packageDir
// xport === function bodyParser() { /*...*/ }
return function bodyParserReplacement() {
/*...*/
};
});
FAQs
Post hooks for Module.prototype.require
The npm package @contrast/require-hook receives a total of 1,059 weekly downloads. As such, @contrast/require-hook popularity was classified as popular.
We found that @contrast/require-hook demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 17 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025