Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
babel-plugin-bare-import-rewrite
Advanced tools
Babel plugin to rewrite bare imports for browser use.
Babel plugin to rewrite bare imports. In theory this will become obsolete if/when browsers get support for import maps. See domenic/package-name-maps for information about the proposal.
This module requires node.js 10 or above and @babel/core
.
npm i babel-plugin-bare-import-rewrite
Add bare-import-rewrite
to plugins
in your babel settings.
{
"plugins": [
["bare-import-rewrite", {
"modulesDir": "/node_modules",
"rootBaseDir": ".",
"alwaysRootImport": [],
"ignorePrefixes": ["//"],
"failOnUnresolved": false,
"resolveDirectories": ["node_modules"],
"processAtProgramExit": false,
"preserveSymlinks": true
}]
]
}
If the plugin settings object is omitted the defaults are used:
{
"plugins": ["bare-import-rewrite"]
}
The URL path in which files from the node_modules
directory will be published on
the web server. This must be an absolute URL if provided (with or without hostname).
Default undefined.
The project base directory. This should contain the package.json and node_modules
of the application. Default process.cwd()
.
This contains a list of module bare names which should always be forced to import from
the root node_modules. ['**']
can be used to specify that all modules should be
resolved from the root folder. No attempt is made to verify that overridden modules
are compatible. Each element is used as a pattern to be processed with minimatch
.
Default []
.
This contains a list of module bare names which should never be forced to imported
from the root node_modules. Processed with minimatch
. Default []
.
This example will force all modules to be loaded from the root node_modules except
for some-exception
:
{
"alwaysRootImport": ["**"],
"neverRootImport": ["some-exception"]
}
By default an error is logged when an import could not be resolved, but it does not fail babel compilation. Setting this option to true will fail babel compilation with details.
Array of directories which should be search for resolving modules. If multiple directories are specified they
are evaluated in order of importance. If the same module exists in both folders, the leftmost module directory is
always taken. Defaults to ['node_modules']
.
Setting this option true
forces use of platform specific path separators. This changes
the default value of modulesDir
to the absolute filesystem path of node_modules
. This
should generally be used when using absolute filesystem paths for bundling.
This option can be set to an array of strings. Each represents a module name prefix to be ignored.
A list of extensions to use in resolver. Default ['.mjs', '.js', '.json']
.
This causes processing to occur during the babel Program.exit
visitor. In general
this option is not needed.
This is passed to the resolve
module. Default true
.
.resolve(importModule, sourceFileName, pluginOptions)
- Resolve absolute path.This function is used internally by the babel plugin, is exposed so it can be used
by analyzers to build a list of scripts being imported. The pluginOptions
argument
takes the same values as the babel plugin and uses the same defaults.
const {resolve} = require('babel-plugin-bare-import-rewrite');
const importModule = '@polymer/lit-element';
const pluginOptions = {
"alwaysRootImport": ["@polymer/*"],
};
try {
const absPath = resolve(importModule, __filename, pluginOptions);
console.log(`The requested module ${importModule} is in ${absPath}.`);
} catch (e) {
console.error(`Cound not resolve ${importModule}:`, e);
}
Some web server software has support for live translation of JavaScript sources. These are meant for using during development and testing, a build step should be used to produce static translated sources for production deployments.
Feel free to open an issue or PR if you know of other node.js servers which can use this babel plugin to perform bare import rewrites.
Tests are provided by xo and ava.
npm install
npm test
This module is based on code found in polymer-build and polymer-analyzer.
babel-plugin-bare-import-rewrite
for enterpriseAvailable as part of the Tidelift Subscription.
The maintainers of babel-plugin-bare-import-rewrite
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
Babel plugin to rewrite bare imports for browser use.
We found that babel-plugin-bare-import-rewrite demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.