Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
babel-plugin-lazy-require
Advanced tools
Transform CommonJS require statements into lazily evaluated imports
Transform global require statements that run on module load to lazily evaluated statements that get evaluted when first accessed later on in the file.
This is particularly useful when you have modules that are only needed under certain conditions and when startup time and/or memory footprint are important.
To install:
npm install --save-dev babel-cli@6 babel-plugin-lazy-require
To run:
babel <your-code> --plugins babel-plugin-lazy-require
Input
// Module is imported here
const someModule = require('some-module');
function myCode() {
// Module is only actually used here
someModule.doSomething();
}
Output
const _someModule = {
initialized: false
};
const _imports = {
get someModule() {
if (!_someModule.initialized) {
_someModule.value = require('some-module');
_someModule.initialized = true;
}
return _someModule.value;
}
}
function myCode() {
// Module is imported and used here
_imports.someModule.doSomething();
}
FAQs
Transform CommonJS require statements into lazily evaluated imports
The npm package babel-plugin-lazy-require receives a total of 74 weekly downloads. As such, babel-plugin-lazy-require popularity was classified as not popular.
We found that babel-plugin-lazy-require demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.