Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
clientside-require
Advanced tools
Node.js style require() statements in the browser. Load npm modules, js, html, css, json without any bundling required.
require()
node_modules
, js
, css
, html
, and json
in the browser with as little effort as loading jquery. (No building, compiling, etc required).
Simply serve the clientside-require.js
file to a browser and enjoy one of life's greatest pleasures, npm modules
, in the browser:
<script src = "/path/to/clientside-require.js"></script>
<script>
require(module_name__OR__abs_path__OR__rel_path) // WOW!
</script>
This package enables utilizing npm
for clientside development. The node modules you npm install
all the time can be utilized out of the box:
require("qs") // require a node module by module name; installed with `npm install qs`
.then((qs)=>{
var query_string = qs.stringify({foo:bar}); // foo=bar
})
In addition, you can load your own js functionality into the browser without polluting the global scope:
require("./util.js") // require a js file with a relative path
.then((exports)=>{
exports.awesome_functionality(); // where `exports` is defined by `model.exports` in `util.js`
})
Last but not least, with this require()
function we can import any file type (e.g., js
, json
, html
, css
, txt
, etc):
require("/path/to/html/file.html") // require a html file with an absolute path
.then((html)=>{
console.log(html)
})
This package provides an async require()
function to the browser (async = it returns a promise). While the immediate require()
function must be asynchronous (since browsers don't permit synchronous loading), subsequent require()
functions (e.g., the require
function passed to node modules) can be synchronous! That means that we can use any node module in the browser without any compiling, transpiling, building, or any modifications to code whatsoever.
All require
'ed modules are cached to eliminate duplicate requests. The require
function is injected into loaded scripts (e.g., module scripts) so that the cache is maintained in every file and module loaded.
npm install clientside-require --save
<script src = "node_modules/clientside-require/src/index.js"></script>
/src/index.js
file to your server<script src = "path/to/clientside-require/script/index.js"></script>
If you intend to use node modules, please read this configuration detail to ensure the module works in all contexts. Otherwise, everything is setup by default already.
We will assume for all of these examples that the clientside-require
has been loaded into the window already as follows (the 'with npm' option):
<script src = "node_modules/clientside-require/src/index.js"></script>
<script>
inside of index.html
var promise_color_name = require("color-name");
promise_color_name
.then((color_name)=>{
console.log(color_name.blue); // outputs [0, 0, 255]
})
directory structure
node_modules/
clientside-require/
color-name/
index.html
Note, npm modules made for the clientside specifically are optimized for browser loading and usage! See this for more info.
This uses the clientside-view-modal-login_signup npm package. Use the repo as an example for how you can create your own view module!
npm install clientside-view-modal-login_signup
require("clientside-view-loader")
.then((view)=>{
return view.load("clientside-view-modal-login_signup").generate();
})
.then((modal)=>{
document.body.appendChild(modal);
modal.show("login");
})
generates a fully functional one of these:
require(request)
The request
argument in require(request)
expects an absolute path, a relative path, or a node_module name.
For the following examples, lets assume the following directory structure:
awesome_directory/
awesome_file.js
awesome_helper.js
node_modules/
clientside-view-loader/
root.html
Absolute paths operate exactly as one would expect. A request to retrieve the file will be sent directly to that path.
// inside `root.html`
require("/awesome_directory/awesome_file.js")
.then((exports)=>{/* ...magic... */})
Relative paths operate exactly like you would expect, too! The require()
function utilizes the clientside-require
to keep track of the path
to each file its loaded in.
Not only can you do this:
// inside `root.html`
require("./awesome_directory/awesome_file.js")
.then((exports)=>{/* ...magic... */})
But inside awesome_directory/awesome_file.js
, which is eventually loaded by root.html
, we can do this:
// inside awesome_directory/awesome_file.js
require("./awesome_helper.js")
.then((helper_exports)=>{ /* ... use the other scripts for even more magic ... */ })
The require(request)
function will assume any request
that does not start with "/" and has no file extension is a node_module
name. It will:
node_module
by utilizing the node_module_root
package.json
file to find the main
scriptThe require()
loader is capable of loading html
, css
, json
, txt
, and js
. Notably for js
we load the contents of the script without polluting the global scope.
js
The content returned from a js
file is what is included in the module.exports
object. This is in line with what one would expect with if they worked with node modules.
The way that the clientside-require
loads js
enables the user to protect the global scope. By loading the script into an iframe and extracting the module.exports
object from the iframe we protect the global scope from any global variable definitions that may exist in the target js
script.
css
As there is no way to provide scoping for css
, css
is loaded directly into the main window with global scope.
require(__, options)
The require function takes options, {}
. These options enable various functionality that simplifies using clientside modules.
options.functions
enables the appending of various functions to the promise element returned by the require()
command. This enables clean functionality such as require().load()
, require.build()
, etc.
This example will use the clientside-view-loader module in the demonstration.
without options.functions
:
var view_loader = require("clientside-view-loader");
view_loader.then((view)=>{
return view.load("clientside-view-login_signup").generate(options);
})
.then((modal)=>{
document.querySelector("body").appendChild(element);
element.show("login");
})
with options.functions
:
var view_loader = require("clientside-view-loader", {functions : {
load : function(path){ return this.then((view_loader)=>{ return view_loader.load(path)})}, // define `view_loader.load()` to the view_loader promise
}});
view_loader.load("clientside-view-login_signup").generate(options)
.then((element)=>{
document.querySelector("body").appendChild(element);
element.show("login")
})
By default, the clientside-require
expects the node_modules
directory to be in the same directory as the file it is loaded in e.g.:
node_modules/
this_file.html
in this case (above) it will work by default.
If your node_modules
is not in the same directory as the file that the clientside-require
is loaded you, e.g.:
node_modules/
a_directory/
this_file.html
you will need to define the path to the node_modules
directory by defining window.node_modules_root
, e.g.:
window.node_modules_root = '/../node_modules' // if node_modules is in parent directory of this file's directory
This must be defined before you load the clientside-require
script.
Note, scope goes two ways. Not only does the namespace that you load not enter the main window, the namespace of the main window does not enter the namespace that you load. E.g., the clientside-require passes a reference to console so that it can output to the main window console and not an unreachable console.
npm packages written for the browser utilizing clientside-require
:
request
package for the browserComming soon.
This will enable creation of a script you can serve to the browser which will preinitialize the require()
cache (e.g., load any set of modules and js files on page load)
FAQs
Node.js style require() statements in the browser. Load npm modules, js, html, css, json without any bundling.
The npm package clientside-require receives a total of 15 weekly downloads. As such, clientside-require popularity was classified as not popular.
We found that clientside-require demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.