babel-plugin-transform-cjs-dew
This plugin implements a deferred execution module format that allows supporting CommonJS execution semantics through an ES modules protocol.
Modules converted in this way can only import from other modules converted to this format.
This project aims for accuracy and reliability transforming a tree of CommonJS modules into a spec-compliant tree of ES Modules.
require('babel-core').transform('<source>', {
  parserOpts: {
    allowReturnOutsideFunction: true
  },
  plugins: [
    ['transform-cjs-dew', {
      filename: '"custom-filename.js"',
      dirname: '"/dirname"',
      define: {
        'process.env.NODE_ENV': '"development"'
      },
      // wildcard, optional and browserResolve are each optional fields of the second argument
      resolve (name, { wildcard, optional, browserResolve }) {
        if (name === 'process')
          return 'process-path';
        if (name === './x')
          return './x.js';
      },
      // for wildcard requires, return a string or array or null to indicate unknown resolution
      // '@empty' indicates an empty object resolution, where all named exports are undefined
      // by default, a null resolve embeds a Node require through an import 'module' path
      // browserOnly just inlines the module not found error directly
      browserOnly: false,
      // when a wildcard ends in *, permit automatic extension variations
      // in the conditional expression output
      wildcardExtensions: ['.js'],
      // optional support for ESM dependencies with default export
      esmDependencies (resolved) {
        return resolved.endsWith('.mjs');
      }
    }]
  ]
});
Output:
import { dew as _depDew } from './dep.dew.js';
import depB from './dep.mjs';
var exports = {};
var module = {
  get exports () {
    return exports;
  },
  set exports (_exports) {
    exports = _exports;
  }
};
export function dew () {
  if (executed)
    return module.exports;
  executed = true;
  __dew__ = null;
  module.exports = function () {};
  exports.blah = 'hi';
  var a = _depDew().y;
  var b = depB;
  return module.exports;
}
To import a CommonJS module tree converted via the above into an ES module, the following execution wrapper is required:
x.js
import { dew } from './x.dew.js';
export default dew();
As well as execution wrapping, the following code transformations are handled:
- `exports` and `module` variables in module scope.
- `global` or `GLOBAL` defines global in the module scope.
- `this` is replaced with an `exports` reference.
- `return` is adjusted to always ensure a falsy return value.
- `this` references that are not direct calls fall back to `_global`.
- `globalName = ...` assignments are rescoped for a simple strict module conversion.
- `Buffer` and `process` are transformed into an import of `buffer` or `process`. This module name can be customized by the `map` configuration option.

The remaining strict conversion cases that don't convert are then just the edge cases of loose -> strict mode conversion:
- `with` statements will throw
- `this` being the global as the default context for function calls
- `delete` statements of local variables are removed

The above should comprehensively cover the failure cases.
MIT
FAQs
Converts CommonJS modules into ES modules
We found that babel-plugin-transform-cjs-dew demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.