Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@module-federation/node
Advanced tools
A package to bring the concept and power of module federation to NodeJS.
To install the plugin run one of the following commands in your terminal for your application.
# npm
npm install @module-federation/node
# yarn
yarn add @module-federation/node
There are two approaches to using the plugins exported from this package, dependent on your use case.
This plugin is an abstraction over both NodeFederationPlugin
and ModuleFederationPlugin
. It will alternate between which it uses based on where the build is intended to be used.
If the build is intended to be used on the browser
, it will use the standard ModuleFederationPlugin
and bundle your code accordingly, however, if it is intended for server
usage, it will use NodeFederationPlugin
to create the bundle.
This simplifies the code required in your webpack.config.js
to enable SSR Module Federation. It determines which platform it needs to build for based on two things:
isServer: true
server
It accepts the other standard options from ModuleFederationPlugin
as well. You can see an example usage below:
const { UniversalFederationPlugin } = require('@module-federation/node');
const config = {
target: isServer ? false : 'web',
plugins: [
new UniversalFederationPlugin({
name: 'website2',
library: { type: 'commonjs-module' },
isServer: true, // or false
remotes: {},
filename: 'remoteEntry.js',
exposes: {
'./SharedComponent': './remoteServer/SharedComponent',
},
}),
],
};
You can also use each of the underlying plugins individually if you need more control over when they are used.
At build time, you need to be aware if you're building for the server
or for the browser
.
If it's building for server, we need to set target: false
to allow the plugins to function correctly.
The NodeFederationPlugin
follows the same API as the Module Federation Plugin and therefore should be a drop-in replacement if you already have it set up in your webpack.config.js
.
An example configuration is presented below:
const { NodeFederationPlugin, StreamingTargetPlugin } = require('@module-federation/node');
const config = {
target: isServer ? false : 'web',
plugins: [
new NodeFederationPlugin({
name: 'website2',
library: { type: 'commonjs-module' },
remotes: {},
filename: 'remoteEntry.js',
exposes: {
'./SharedComponent': './remoteServer/SharedComponent',
},
}),
new StreamingTargetPlugin({
name: 'website2',
library: { type: 'commonjs-module' },
remotes: {},
}),
],
};
This package also exposes a few utilities to help with the setup of your federated application.
Used to "hot reload" the federated application.
import { revalidate } from '@module-federation/node/utils';
// we automatically reset require cache, so the reload callback is only if you need to do something else
revalidate().then((shouldReload) => {
// do something extra after revalidation
if (shouldReload) {
// reload the server
}
});
Note: To ensure that changes made to files in remotes are picked up revalidate
, you can set the remotes webpack output.filename to [name]-[contenthash].js
(or similar). This will cause the remoteEntry.js file to be regenerated with a unique hash every time a new build occurs. The revalidate method intelligently detects changes by comparing the hashes of the remoteEntry.js files. By incorporating [contenthash] into the remote's webpack configuration, you enable the shell to seamlessly incorporate the updated files from the remotes.
Hot reloading Express.js
Express has its own route stack, so reloading require cache will not be enough to reload the routes inside express.
//express.js
const app = express();
global.clearRoutes = () => {
app._router.stack = app._router.stack.filter((k) => !(k && k.route && k.route.path));
};
// in some other file (within the scope of webpack build)
// wherever you have your revalidation logic
revalidate().then((shouldReload) => {
if (shouldReload) {
global.clearRoutes();
}
});
const chunkFetcher = globalThis.webpackChunkLoad || globalThis.fetch || fetchPolyfill;
// then it will pass one argument to the function, the url to fetch
chunkFetcher(url)
.then((res) => res.text())
.then((text) => {
// do something with the text
});
if you want to use your own custom fetch, or add fetch headers, either in the entrypoint of webpack or outside of webpack scope, like in express server- you can override the default chunk fetcher by setting the globalThis.webpackChunkLoad variable.
globalThis.webpackChunkLoad = async (url) => {
const res = await fetch(url, {
headers: {
'x-custom-header': 'custom-header-value',
},
});
return res.text();
};
List of our amazing contributors 💥
FAQs
Module Federation helper for Node
The npm package @module-federation/node receives a total of 34,466 weekly downloads. As such, @module-federation/node popularity was classified as popular.
We found that @module-federation/node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.