![The Risks of Misguided Research in Supply Chain Security](https://cdn.sanity.io/images/cgdhsj6q/production/8d0ef109a68b4c819a3f2689a05769bebace4f19-1072x539.png?w=400&fit=max&auto=format)
Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
babel-plugin-replace-import-extension
Advanced tools
Babel plugin to replace extension of file name written in import statement and dynamic import
Babel plugin to replace extension of file name written in import statement and dynamic import.
npm install --save-dev babel-plugin-replace-import-extension
With the option:
{ "extMapping": { ".js": ".mjs" }}
import { foo } from './module1.js';
export { bar } from './module2.js'; // Works for re-exporting
const promise = import('./module3' + '.js'); // Also works for dynamic import!
import { foo } from './module1.mjs';
export { bar } from './module2.mjs';
// In dynamic import, function to replace extension is inserted.
// Note the actual code is not exactly the same.
const promise = import(__transformExtension('./module3' + '.js'));
When you develop a npm package that includes both ESModule and CommonJS version of the code, there is two ways to tell Node which file is which version.
mjs
for ESModule and cjs
for
CommonJS.package.json
with a type
field specified to the directory.If you choose the former and you write your code in ESModule and transpile it to CommonJS, you have to change the extension of the files while transpiling.
In Babel CLI, extension of the output file name can be changed with
--out-file-extension
option. But the file name referenced inside the code
is not changed. In this case, this plugin comes into play.
Note that the conversion is performed only on relative file name
(starts with ./
or ../
), because built-in packages or packages importing
from node_modules
should not be converted.
If project root package.json
has type
field of module
, Babel config of
{
"plugins": [
["replace-import-extension", { "extMapping": { ".js": ".cjs" }}],
["@babel/transform-modules-commonjs"]
]
}
will convert the file extension from .js
to .cjs
and convert ESModule to
CommonJS, allowing both version's code exist together while Node can handle
each versions correctly. (@babel/plugin-transform-modules-commonjs
must be
installed.) Or if you also need other translations, @babel/env
preset can be
used together like,
{
"presets": [["@babel/env"]],
"plugins": [
["replace-import-extension", { "extMapping": { ".js": ".cjs" }}]
]
}
If project root package.json
has no type
field or has type
field of
cjs
, ESModule files must be explicitly marked by mjs
extension, which can
be done by Babel config of
{
"plugins": [
["replace-import-extension", { "extMapping": { ".js": ".mjs" }}]
]
}
Once again, --out-file-extension
option must be used together to change the
output file extension.
mjs
and cjs
in the same packageIf you are using .mjs
for your source files, you can use babel to generate .cjs
files for backwards compatibility:
{
"presets": [["@babel/env"]],
"plugins": [
["replace-import-extension", { "extMapping": { ".mjs": ".cjs" }}]
]
}
In your package.json
specify the entries accordingly:
{
"main": "dist/index.cjs",
"module": "src/index.mjs",
"source": "src/index.mjs",
"exports": {
".": {
"require": "dist/index.cjs",
"import": "src/index.mjs"
},
"src/index.mjs": {
"import": "src/index.mjs"
},
"dist/index.cjs": {
"require": "dist/index.cjs",
"import": "dist/index.cjs"
}
},
"scripts": {
"build.cjs": "babel -d dist/ src/ --out-file-extension .cjs",
"prepare": "npm run build.cjs"
}
}
extMapping
Object
, defaults to {}
.
Mapping of original extension to converted extension.
Leading .
is mandatory.
Both the original and the converted extensions can be empty string ''
, which means
no extension. You can use this feature to add or remove extension.
FAQs
Babel plugin to replace extension of file name written in import statement and dynamic import
We found that babel-plugin-replace-import-extension demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.