coffee-register
require CoffeeScript files on-the-fly without precompilation up to 2000% faster than the official package
require coffeescript files "on-the-fly" without precompilation up to 2000% faster than the official coffee-script/register package.
index.js:
require('coffee-register');
// That's it! After this call require coffee files as you would JS files.
require('./somefile.coffee')
require('./another') // ext is optional
require('./dir') // loads './dir/index.coffee'
There are two primary reasons:
a) This module attaches a hook in node's module system that is invoked only for files ending with .coffee, as opposed to the official coffee-script/register, which hooks onto .coffee, .litcoffee, and .coffee.md. Each additional hook imposes overhead on module loading times, and since the latter 2 extensions are rarely used they have been omitted by default (although they can be manually registered by using require('coffee-register').register(['.coffee', '.litcoffee', ...]) and any other extension you wish).
b) By leveraging dynamic caching. When coffee-register encounters a coffee file it compiles it and then saves it to disk, mapping its content's hash to the saved compiled file, so that the next time it encounters this coffee file it inspects its content's hash and attempts to load it from cache. The cache never has to be purged as the process is done automatically for you.
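A minimal sketch of the content-hash cache from (b) combined with the single-extension hook from (a), added here as an illustration; it is not coffee-register's own code. The compile stand-in, the .demo extension, the temporary cache directory and the cacheIsPrivate permission check are assumptions of the example.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Stand-in for the CoffeeScript compiler (assumption) so the sketch runs offline.
let compileCalls = 0;
function compile(source) {
  compileCalls++;
  return 'module.exports = ' + JSON.stringify(source.trim()) + ';';
}

// mkdtemp creates the directory with mode 0700, private to the current user.
const cacheDir = fs.mkdtempSync(path.join(os.tmpdir(), 'compile-cache-'));

// Cached files are executed as code, so a cache directory that group or
// other users can write to is not trusted (hypothetical hardening check).
function cacheIsPrivate(dir) {
  if (process.platform === 'win32') return true; // POSIX mode bits do not apply
  return (fs.statSync(dir).mode & 0o022) === 0;
}

// Reason (b): key the compiled output by the hash of the source content.
function loadCompiled(source) {
  const key = crypto.createHash('sha256').update(source).digest('hex');
  const cached = path.join(cacheDir, key + '.js');
  const trusted = cacheIsPrivate(cacheDir);
  if (trusted && fs.existsSync(cached)) {
    return { js: fs.readFileSync(cached, 'utf8'), fromCache: true };
  }
  const js = compile(source); // changed content => new hash => recompiled
  if (trusted) fs.writeFileSync(cached, js, { mode: 0o600 });
  return { js, fromCache: false };
}

// Reason (a): hook a single extension; '.demo' is a made-up extension.
require.extensions['.demo'] = function (module, filename) {
  const source = fs.readFileSync(filename, 'utf8');
  module._compile(loadCompiled(source).js, filename);
};
```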
child_process forks?
Forks created by child_process will also work after this module is loaded.
Due to how the official coffee-script package works, source maps will only work by default for non-cached files (i.e. only on the first time they are loaded). coffee-register provides an optional workaround which can be enabled by setting the SOURCE_MAPS env variable to true.
Example:
SOURCE_MAPS=1 node index.js
This module can use both v1 and v2 for compiling.
For the latest v1 compiler:
$ npm install coffee-register@1
For the latest v2 compiler:
$ npm install coffee-register
MIT © Daniel Kalen
FAQs
The npm package coffee-register receives a total of 4,815 weekly downloads. As such, coffee-register popularity was classified as popular.
We found that coffee-register demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.