Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@rsbuild/plugin-node-polyfill
Advanced tools
An Rsbuild plugin to automatically inject polyfills for [Node.js builtin modules](https://nodejs.org/api/modules.html#built-in-modules) into the browser side.
An Rsbuild plugin to automatically inject polyfills for Node.js builtin modules into the browser side.
Normally, we don't need to use Node builtin modules on the browser side. However, it is possible to use some Node builtin modules when the code will run on both the Node side and the browser side, and this plugin provides browser versions of polyfills for these Node builtin modules.
By using the Node Polyfill plugin, polyfills for Node builtin modules are automatically injected into the browser-side, allowing you to use these modules on the browser side with confidence.
Install:
npm add @rsbuild/plugin-node-polyfill -D
Add plugin to your rsbuild.config.ts
:
// rsbuild.config.ts
import { pluginNodePolyfill } from '@rsbuild/plugin-node-polyfill'
export default {
plugins: [pluginNodePolyfill()],
}
Buffer
process
When you use the above global variables in your code, the corresponding polyfill will be automatically injected.
For instance, the following code would inject the Buffer
polyfill:
const bufferData = Buffer.from('abc')
You can disable this behavior through the globals
option of the plugin:
pluginNodePolyfill({
globals: {
Buffer: false,
process: false,
},
})
assert
buffer
console
constants
crypto
domain
events
http
https
os
path
punycode
process
querystring
stream
_stream_duplex
_stream_passthrough
_stream_readable
_stream_transform
_stream_writable
string_decoder
sys
timers
tty
url
util
vm
zlib
When the above module is referenced in code via import / require syntax, the corresponding polyfill will be injected.
import { Buffer } from 'buffer'
const bufferData = Buffer.from('abc')
child_process
cluster
dgram
dns
fs
module
net
readline
repl
tls
Currently there is no polyfill for the above modules on the browser side, so when you import the above modules, it will automatically fallback to an empty object.
import fs from 'fs'
console.log(fs) // -> {}
Used to specify whether to inject polyfills for global variables.
type Globals = {
process?: boolean
Buffer?: boolean
}
const defaultGlobals = {
Buffer: true,
process: true,
}
Whether to polyfill Node.js builtin modules starting with node:
.
boolean
true
For example, if you disable protocolImports
, modules such as node:path
, node:http
, etc. will not be polyfilled.
pluginNodePolyfill({
protocolImports: false,
})
Specify an array of modules for which polyfills should be injected. If this option is set, only the specified modules will be polyfilled. include
is mutually exclusive with exclude
.
string[]
undefined
pluginNodePolyfill({
include: ['buffer', 'crypto'], // Only "buffer" and "crypto" modules will be polyfilled.
})
Specify an array of modules for which polyfills should not be injected from the default. If this option is set, the specified modules will be excluded from polyfilled. exclude
is mutually exclusive with include
.
string[]
undefined
pluginNodePolyfill({
exclude: ['http', 'https'], // All modules except "http" and "https" will be polyfilled.
})
Override the default polyfills for specific modules.
Record<string, string>
{}
pluginNodePolyfill({
overrides: {
fs: 'memfs',
},
})
builtinMappingResolved
: A map of Node.js builtin modules to their resolved corresponding polyfills modules.resolvedPolyfillToModules
: A map of resolved polyfill modules to the polyfill modules before resolving.MIT.
FAQs
An Rsbuild plugin to automatically inject polyfills for [Node.js builtin modules](https://nodejs.org/api/modules.html#built-in-modules) into the browser side.
We found that @rsbuild/plugin-node-polyfill demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.