basetag lets you use local modules relative to your Node.js project base path
basetag creates a $ symlink in your local node_modules so that you can:
😓 Turn this:
const balls = require('../../../../baseball/balls'); // ❌
🤯 Into this:
const balls = require('$/baseball/balls'); // ✅
Install as a dev dependency:
npm install --save-dev basetag
Create a $ symlink in your local node_modules by running:
npx basetag link --hook
Upgrade existing requires and imports to the basetag way:
# require('../../baseball') => require('$/baseball')
npx basetag rebase
⚠️ Unfortunately, npm does not like basetag very much
npm will remove the $ on every npm install <package>
To fix this issue there are some solutions:
Use the postinstall script to run basetag after every npm install
package.json
"scripts": {
  "postinstall": "npx basetag link"
}
Use the --hook flag (which sets up an npm hook that runs basetag after every npm install <package>).
You only have to do this once (unless you delete your node_modules folder). But, you can also use this in connection with Fix #1.
npx basetag link --hook
basetag has a few commands that can be run via npx basetag <command>
link [--absolute] [--hook] — creates a relative $ symlink
  --absolute creates an absolute symlink rather than relative
  --hook sets up basetag to run after every npm install ...
rebase - upgrades requires and imports to use the package-relative $/
debase - downgrades requires and imports to use file-relative ../s
What does basetag solve?
In Node.js applications we sometimes want to import local modules that are in different far away subdirectories.
This can lead to very messy looking require statements.
Using basetag you can import modules with $/ as the project base path.
If you're not convinced, check out the example below...
🤯 The modern basetag way:
const balls = require('$/baseball/balls'); // ✅
😓 The traditional (often messy) way:
const balls = require('../../../../baseball/balls'); // ❌
basetag?
It's really all described above and there's not much to it.
Look at the code in test/example/ for an executable example.
A larger project can have many nested subfolders as shown in the directory structure below.
Of course a real project would have more files in those subdirectories but for simplicity we'll leave those out.
Using basetag you can reference modules from the base example/ path, rather than using relative directories (i.e. ../../..).
example/
├── its/
│   └── baseballs/
│       └── all/
│           └── the/
│               └── way/
│                   └── down.js
├── somewhere/
│   └── deep/
│       └── and/
│           └── random.js
└── index.js
How does basetag work?
It's rather simple.
By running basetag, a symlink is created that points from node_modules/$ to your project base path.
Every time you use a require with $/… Node.js will look inside the $ package (i.e. our new symlink).
The lookup is routed natively to your project files.
To Node.js, both methods of requiring look the same, because the files are literally the same files. Both methods can be used in the same project and Node.js will cache imports correctly.
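The symlink mechanism described above, as an added example (not basetag's own code): it builds a constructed temporary project, shows that the $/ and relative requires resolve to one cached module, and checks that node_modules/$ still points at the project base. The function names buildDemoProject, resolveBoth and checkBaseLink are hypothetical.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const { createRequire } = require('module');

// Constructed throwaway project: one deep module plus a node_modules/$ symlink
// to the project base (absolute target, as with `basetag link --absolute`).
function buildDemoProject() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'basetag-demo-')));
  const deep = path.join(base, 'its', 'baseballs');
  fs.mkdirSync(deep, { recursive: true });
  fs.mkdirSync(path.join(base, 'node_modules'));
  fs.writeFileSync(path.join(deep, 'down.js'), 'module.exports = { id: Math.random() };\n');
  // The 'junction' type only matters on Windows; other platforms ignore it.
  fs.symlinkSync(base, path.join(base, 'node_modules', '$'), 'junction');
  return base;
}

// Load the same module through '$/' and through a relative path, resolving
// from the project base the way code in <base>/index.js would.
function resolveBoth(base) {
  const req = createRequire(path.join(base, 'index.js'));
  const a = '$/its/baseballs/down';
  const b = './its/baseballs/down';
  return {
    sameFile: req.resolve(a) === req.resolve(b),
    sameInstance: req(a) === req(b), // one cache entry, one module object
  };
}

// Defensive check: everything imported via '$/' comes from wherever this link
// points, so confirm it is a symlink that resolves to the project base.
function checkBaseLink(base) {
  const link = path.join(base, 'node_modules', '$');
  let stat;
  try { stat = fs.lstatSync(link); } catch { return 'missing'; }
  if (!stat.isSymbolicLink()) return 'not-a-symlink';
  try {
    return fs.realpathSync(link) === fs.realpathSync(base) ? 'ok' : 'points-elsewhere';
  } catch { return 'dangling'; }
}

const demo = buildDemoProject();
console.log(resolveBoth(demo), checkBaseLink(demo));
fs.rmSync(demo, { recursive: true, force: true });
```

A 'missing' result is the state the page describes after npm removes the $ on an install; 'points-elsewhere' means $/ imports would load code from outside the project.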
basetag supports macOS, Linux, and Windows as of version 1.1.0.
FAQs
A better way to import NodeJS modules
The npm package basetag receives a total of 5,641 weekly downloads. As such, basetag popularity was classified as popular.
We found that basetag demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.