Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
deps-sort
The deps-sort npm package is used to sort a stream of module dependencies in a way that ensures each module appears after its dependencies. This is particularly useful in build processes where the order of module loading is crucial.
Sorting Dependencies
This feature allows you to sort a list of module dependencies so that each module appears after its dependencies. The code sample demonstrates how to use deps-sort to sort an array of module objects.
const depsSort = require('deps-sort');
const through = require('through2');
// Constructed module-deps-shaped rows: a requires b, b requires c.
const input = [
{ id: 'a', deps: { b: 'b' } },
{ id: 'b', deps: { c: 'c' } },
{ id: 'c', deps: {} }
];
const output = [];
const sorter = depsSort();
// Collect the sorted rows from the readable side of the through stream.
sorter.pipe(through.obj((row, enc, next) => {
output.push(row);
next();
}));
input.forEach(row => sorter.write(row));
sorter.end();
// 'end' fires once every sorted row has been read by the pipe above.
sorter.on('end', () => {
console.log(output);
});
module-deps is a package that provides a way to parse the dependency graph of CommonJS modules. It can be used to find and sort dependencies, similar to deps-sort, but it also includes additional features like transforming the source code of modules.
browserify is a tool that allows you to bundle up all of your JavaScript dependencies for the browser. It includes functionality for sorting dependencies as part of its bundling process, making it a more comprehensive solution compared to deps-sort.
webpack is a module bundler that takes modules with dependencies and generates static assets representing those modules. It includes advanced features for dependency management and sorting, making it a more powerful but complex alternative to deps-sort.
sort module-deps output for deterministic browserify bundles
$ for((i=0;i<5;i++)); do module-deps main.js | deps-sort | browser-pack | md5sum; done
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
or using browserify --deps on a voxeljs project:
$ for((i=0;i<5;i++)); do browserify --deps browser.js | deps-sort | browser-pack | md5sum; done
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
To use this module programmatically, write streaming object data and read streaming object data:
var sort = require('deps-sort')(); // the package's own example file uses require('../') from inside the repository
var JSONStream = require('JSONStream');
var parse = JSONStream.parse([ true ]); // parse a JSON array of module-deps rows from stdin, one object at a time
var stringify = JSONStream.stringify(); // serialize the sorted rows back into a JSON array
process.stdin.pipe(parse).pipe(sort).pipe(stringify).pipe(process.stdout);
var depsSort = require('deps-sort');
depsSort(opts) returns a new through stream that should get written module-deps objects and will output sorted objects.
opts can be:
opts.index - when true, for each module-deps row, insert row.index with the numeric index and row.indexDeps like row.deps but mapping require strings to row indices
opts.expose - array of names or object mapping names to true not to mangle with integer indexes when opts.index is turned on. If opts.expose maps names to strings, those strings will be used to resolve the indexed references.
opts.dedupe - set row.dedupe for files that match existing contents. Sets row.dedupeIndex when opts.index is enabled. When row.dedupe is set, row.sameDeps will be set to a boolean of whether the dependencies at the dedupe target match (true) or just the source content (false).
Input objects are file objects in the module-deps shape. They must at least have these properties:
row.id - a unique identifier for the file
row.source - the file contents
row.deps - dependencies for this file, mapping strings as used in require() to row IDs.
Output objects have all the input properties, and:
row.index - when opts.index is true, the sorted numeric index of the row
row.indexDeps - like row.deps, but mapping to row.index instead of row.id
row.dedupe - when opts.dedupe is true, contains the row ID of a file with identical contents
row.dedupeIndex - like row.dedupe, but contains the row.index instead of row.id
With npm do:
npm install deps-sort
MIT
FAQs
sort module-deps output for deterministic browserify bundles
The npm package deps-sort receives a total of 560,342 weekly downloads. As such, deps-sort popularity was classified as popular.
We found that deps-sort demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 40 open source maintainers collaborating on the project.