
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
babel-plugin-transform-modules-requirejs-babel
Advanced tools
A Babel plugin transforming ESM modules to AMD modules for processing by RequireJS with the requirejs-babel7 plugin.
A Babel plugin transforming ESM modules to AMD modules, so that they will be processable by RequireJS with the help of the requirejs-babel7 plugin.
The built-in plugin for the AMD module transformation - @babel/plugin-transform-modules-amd - covers only a simple scenario transform an ESM code base, which used AMD only as module format, without additional other RequireJS features. This plugin supports scenarios using all capabilities of RequireJS, above all:
{ default: ... }
to keep the compatibility. An AMD module can be rewritten to ESM and vice-versa anytime.define
statements are recognised.This plugin replaces a couple of plugins usually used together with requirejs-babel7: @babel/plugin-transform-modules-amd, babel-plugin-amd-checker, babel-plugin-amd-default-export and babel-plugin-module-resolver-standalone. An example of a Babel configuration using those plugins:
{
plugins: [
'amd-checker',
'transform-modules-amd',
[
'module-resolver',
{
resolvePath: function (sourcePath, currentFile, opts) {
// Ignore paths with other plugins applied and the three built-in
// pseudo-modules of RequireJS.
if (sourcePath.indexOf('!') < 0 && sourcePath !== 'require' &&
sourcePath !== 'module' && sourcePath !== 'exports') {
return 'es6!' + sourcePath;
}
}
}
],
['amd-default-export', { addDefaultProperty: false }]
]
}
Their combination did not support mixing ESM and AMD modules at any dependency level. Skipping of AMD modules had to be handled by catching an error of a special class, which needed to wrap Babel programmatically. The new plugin covers amm problems of the built-in AMD transformation, which the previous ones did, without any drawbacks.
This module can be installed in your project using NPM, PNPM or Yarn. Make sure, that you use Node.js version 6 or newer.
npm i -D babel-plugin-transform-modules-requirejs-babel
pnpm i -D babel-plugin-transform-modules-requirejs-babel
yarn add babel-plugin-transform-modules-requirejs-babel
Prevent the transpiler to wrap source files that are already wrapped by define
or require
as AMD modules:
{
plugins: ['transform-modules-requirejs-babel']
}
Customising the default module path transformation:
{
plugins: [
[
'transform-modules-requirejs-babel',
{
resolvePath: function (sourcePath, currentFile, opts) {
// Ignore paths with other plugins applied and the three built-in
// pseudo-modules of RequireJS.
if (sourcePath.indexOf('!') < 0 && sourcePath !== 'require' &&
sourcePath !== 'module' && sourcePath !== 'exports') {
return 'es6!' + sourcePath;
}
}
}
]
]
}
In lieu of a formal styleguide, take care to maintain the existing coding style. Lint and test your code.
Copyright (c) 2022-2025 Ferdinand Prantl
Licensed under the MIT license.
FAQs
A Babel plugin transforming ESM modules to AMD modules for processing by RequireJS with the requirejs-babel7 plugin.
The npm package babel-plugin-transform-modules-requirejs-babel receives a total of 121 weekly downloads. As such, babel-plugin-transform-modules-requirejs-babel popularity was classified as not popular.
We found that babel-plugin-transform-modules-requirejs-babel demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.