Security News
Nightmares on npm: How Two Malicious Packages Facilitate Data Theft and Destruction
Our threat research team breaks down two malicious npm packages designed to exploit developer trust, steal your data, and destroy data on your machine.
Simple module aliasing.
package.json
:
{
"aliases": {
"underscore": "lodash"
}
}
example.js
:
const _ = require('underscore')
…
$ node -r aliased example.js // uses lodash instead of underscore
Or…
server.js
:
require('aliased').register()
const example = require('./example.js') // uses lodash instead of underscore
This module provides simple module aliasing. Aliases go in your
package.json
in the aliases
property. The key
is the name of the
alias, the value
is the name of the actual package.
While you can provide aliases of relative requires, eg require('./foo')
this treats the string as opaque, so it'll catch anyone requiring the
relative path, even if it would oridinarly point at a different file.
Similarly, values can be relative, but they're substituted literally and so anything using them that's not in the same path as your package root will probably have a bad day.
So... probably don't use relative paths with this. module-alias
and
path-alias
are better choices for that.
I'm not saying this module is a good idea. Loading something different off
disk than you require
d is probably going to lead to confusion. But if you
must have aliases, it's an option.
require
) with aliases.FAQs
Allow explicit aliasing of packages
The npm package aliased receives a total of 0 weekly downloads. As such, aliased popularity was classified as not popular.
We found that aliased demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Our threat research team breaks down two malicious npm packages designed to exploit developer trust, steal your data, and destroy data on your machine.
Security News
A senior white house official is urging insurers to stop covering ransomware payments, indicating possible stricter regulations to deter cybercrime.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.