Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Default require
provided by Node.js isn't that flexible. Let's say you want to test a module and inject a mock database driver and configuration there. What to do? One alternative is to use a dependency injection pattern like this:
main.js:
const db = require("./db");
const config = require("./config");
const api = require("./api")({ db, config });
api.js:
module.exports = imports => () => {
// do something with imports.db, imports.config
// ...
};
annoinject
provides a set of utilities that build upon this idea and make sure all imports needed actually have been injected. In inject
's case we would write the following:
api.js:
module.exports = require("annoinject")(["db", "config"], imports => {
// do something with imports.db, imports.config
});
Yes, there's more to write but at the same time it is more explicit. In addition annoinject
performs the extra check I mentioned about. It will give you a nice error in case some dependency hasn't been satisfied.
There are time when you would you like to inject the same dependencies for the whole package. You could for instance want to use the same configuration for each module included. In this case we can use a package level injector like this:
api/main.js:
const config = {
apikey: 'foobar'
};
const api = require("./api")({ config });
// then we can do
api.countries();
api/index.js:
module.exports = require("annoinject")("config");
api/countries.js:
module.exports = imports => {
// do something with imports.config now
return () => console.log('get countries now');
};
Just like the module injector, the package injector will make sure all required modules will get injected and give an Error in case they are not.
annoinject
is available under MIT. See LICENSE for more details.
FAQs
Injects dependencies to JavaScript modules and packages
The npm package annoinject receives a total of 0 weekly downloads. As such, annoinject popularity was classified as not popular.
We found that annoinject demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.