Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
custom-require
Advanced tools
With this module you can receive a callback for any non-native dependecies an specific module loads, including the dependencies of his dependencies, and so on.
npm install custom-require
/* FILE: test1.js */
// Load any non-native module
require("react");
module.exports = "yay";
/* FILE: test2.js */
// Load any non-native module
require("react");
require("redux");
/* FILE: main.js */
// Load the module at the top of the entry point file
var CustomRequire = require("custom-require").CustomRequire;
// If you are using TypeScript, you can use import
import { CustomRequire } from "cusrom-require";
// Instantiate an object with a callback that will be called when a module is loaded
var firstWalker = new CustomRequire(function(module) {
console.log("First walker", module.filename);
});
// Require a module to see its dependencies
firstWalker.require("./test");
// You can also require another file. Already called dependencies will not be called again
firstWalker.require("./test2");
// You can create different Custom Require instances together in the same script
var secondWalker = new CustomRequire(function(module) {
console.log("Second walker", module.filename);
});
// Requiring modules already required by another instance will not be a problem
// Second walker will receive all the dependencies too
// The require method will work as the default require one, returning the exports contents
var yay = secondWalker.require("./test");
// Yay it
console.log(yay);
Also, it works with asynchronous requires
/* FILE: async_test.js */
// Load any non-native module
require("react");
setTimeout(function() {
require("redux");
}, 1000);
As the nature of Node.js, required modules are cached, so doing this will not work as expected:
// Load the test module before the Custom Require
require("./test");
// Now load Custom Require
var CustomRequire = require("custom-require");
// And make an instance
var walker = new CustomRequire(function(module) {
console.log("Walker", module.filename);
});
// This will show redux dependencies, but not react ones as they were loaded before Custom Require
walker.require("./test2");
Custom Require will be only able to track modules loaded after it has been required for the first time, so is recommendable to require it at the top of the entry-point file. Is not needed to add it to each file. Only at the entry-point.
NOTE: Custom Require will start tracking right after requiring it. Is not necessary to immediatly create an instance.
FAQs
Detect what dependencies a module has
The npm package custom-require receives a total of 1 weekly downloads. As such, custom-require popularity was classified as not popular.
We found that custom-require demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.