@module-federation/enhanced
This package provides enhanced features for module federation.
The following items are exported:
See https://module-federation.io/guide/basic/webpack.html for details.
Type: `string`
The name of the container.
Type: `Exposes`
Default: `undefined`
Used to specify the modules and file entry points that are exposed via Module Federation. After configuration, the exposed modules will be extracted into a separate chunk, and if there are async chunks, they will also be extracted into a separate chunk (the specific splitting behavior depends on the chunk splitting rules).
The `Exposes` type is defined as follows:
```ts
type Exposes = (ExposesItem | ExposesObject)[] | ExposesObject;
type ExposesItem = string;
type ExposesItems = ExposesItem[];
interface ExposesObject {
  [exposeKey: string]: ExposesConfig | ExposesItem | ExposesItems;
}
```
Here, `exposeKey` is essentially the same as the Package Entry Points specification (except that regular expression matching is not supported).
For example:
```js
// webpack.config.js
const { ModuleFederationPlugin } = require('@module-federation/enhanced');

module.exports = {
  plugins: [
    new ModuleFederationPlugin({
      name: 'mfButton',
      exposes: {
        // Note: "./" is not supported
        '.': './src/index.tsx',
        './add': './src/utils/add.ts',
        './Button': './src/components/Button.tsx',
      },
    }),
  ],
};
```
This is a consumer-specific parameter. If `remotes` is set, the application can be considered a consumer.
Type: `Remotes`
Default: `undefined`
This is used to specify how Module Federation consumes remote modules.
The `Remotes` type is defined as follows:
```ts
type Remotes = (RemotesItem | RemotesObject)[] | RemotesObject;
type RemotesItem = string;
type RemotesItems = RemotesItem[];
interface RemotesObject {
  [remoteAlias: string]: RemotesConfig | RemotesItem | RemotesItems;
}
```
Here, `remoteAlias` is the name actually used by the user and can be configured arbitrarily. For example, if `remoteAlias` is set to `demo`, the consumption method is `import xx from 'demo'`.
Type: `Shared`
Default: `undefined`
`shared` is used to share common dependencies between consumers and producers, reducing runtime download size and thus improving performance.
The `Shared` type is defined as follows:
```ts
type Shared = (SharedItem | SharedObject)[] | SharedObject;
type SharedItem = string;
interface SharedObject {
  [k: string]: SharedConfig | SharedItem;
}
```
Type: `boolean`
Default: `false`
Determines whether only one version of the shared module is allowed in the shared scope (singleton mode).
Type: `string`
Default: `require('project/package.json')[devDeps | dep]['depName']`
The required version can be a version range. The default value is the dependency version of the current application.
:::warning
When `eager` is set to `true`, the shared dependencies are packaged into the entry file, which makes the entry file too large. Enable it with caution.
`eager: true` is rarely recommended.
:::
Type: `boolean`
Default: `false`
Determines whether to load shared modules immediately.
Under normal circumstances, you need to enable the asynchronous entry and then load shared modules asynchronously on demand. If you want to use `shared` but don't want to enable the asynchronous entry, you can set `eager` to `true`.
Type: `string[]`
Default: `undefined`
Used to add additional plugins required at runtime. The value is the path of the specific plugin. It supports absolute/relative paths and package names.
Once set, the runtime plugin is automatically injected and used at build time.
Type: `string`
Default: `undefined`
Used to modify the actual bundler runtime version. The value is the path of `@module-federation/runtime-tools`.
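An added example, not part of the package's documentation: a small audit that flattens the `Remotes` and `Shared` union types described above and flags remotes fetched over plain HTTP and shared dependencies marked `eager: true`. The `name@url` entry format, the `external` key of `RemotesConfig`, the function names and the sample hosts are assumptions of this example.

```javascript
// Flatten the page's `(Item | Object)[] | Object` union into [key, value]
// pairs. A bare string item acts as its own key (e.g. shared: ['lodash']).
function flatten(option) {
  if (option == null) return [];
  return [].concat(option).flatMap((item) =>
    typeof item === 'string' ? [[item, item]] : Object.entries(item));
}

// Assumption: a remote entry is "name@url" or a bare URL, and a RemotesConfig
// object keeps its entry (or entries) under `external`.
function remoteUrls(value) {
  const isConfig = value && typeof value === 'object' && !Array.isArray(value);
  return [].concat(isConfig ? value.external : value)
    .filter((entry) => typeof entry === 'string')
    .map((entry) => {
      if (/^[a-z][a-z0-9+.-]*:\/\//i.test(entry)) return entry; // bare URL
      const at = entry.indexOf('@');
      return at === -1 ? entry : entry.slice(at + 1);
    });
}

// Returns one finding per risky entry in a ModuleFederationPlugin options object.
function auditFederation(options) {
  const findings = [];
  for (const [alias, value] of flatten(options.remotes)) {
    for (const url of remoteUrls(value)) {
      // Remote code fetched without TLS can be modified in transit.
      if (/^http:\/\//i.test(url)) {
        findings.push({ option: 'remotes', key: alias, issue: 'plain-http-remote', url });
      }
    }
  }
  for (const [dep, value] of flatten(options.shared)) {
    // The documentation warns that eager: true inlines the dependency into the entry file.
    if (typeof value === 'object' && value !== null && value.eager === true) {
      findings.push({ option: 'shared', key: dep, issue: 'eager-shared' });
    }
  }
  return findings;
}

// Constructed sample options (hypothetical hosts) mixing array and object forms.
const sampleOptions = {
  name: 'host',
  remotes: [
    { demo: 'demo@https://cdn.example.com/remoteEntry.js' },
    { legacy: { external: ['legacy@http://legacy.example.com/remoteEntry.js'] } },
  ],
  shared: ['lodash', { react: { singleton: true, eager: true } }],
};
console.log(auditFederation(sampleOptions));
```

Running the audit in CI against the resolved plugin options turns both checks into a build gate.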
FAQs
The npm package @module-federation/enhanced receives a total of 745,941 weekly downloads. As such, @module-federation/enhanced popularity was classified as popular.
We found that @module-federation/enhanced demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.