The deps-sort npm package is used to sort a stream of module dependencies in a way that ensures each module appears after its dependencies. This is particularly useful in build processes where the order of module loading is crucial.
Sorting Dependencies
This feature allows you to sort a list of module dependencies so that each module appears after its dependencies. The code sample demonstrates how to use deps-sort to sort an array of module objects.
```javascript
const depsSort = require('deps-sort');
const through = require('through2');

// Rows in the shape module-deps emits: an id plus a map of require strings to ids.
const input = [
  { id: 'a', deps: { b: 'b' } },
  { id: 'b', deps: { c: 'c' } },
  { id: 'c', deps: {} }
];

const output = [];
const sorter = depsSort();

// Collect each row as the sorter's readable side emits it.
sorter.pipe(through.obj((row, enc, next) => {
  output.push(row);
  next();
}));

// Print the collected rows once the sorter has flushed everything.
sorter.on('end', () => {
  console.log(output);
});

// Write the rows in any order, then end the stream so deps-sort sorts and flushes.
input.forEach(row => sorter.write(row));
sorter.end();
```
module-deps is a package that provides a way to parse the dependency graph of CommonJS modules. It can be used to find and sort dependencies, similar to deps-sort, but it also includes additional features like transforming the source code of modules.
browserify is a tool that allows you to bundle up all of your JavaScript dependencies for the browser. It includes functionality for sorting dependencies as part of its bundling process, making it a more comprehensive solution compared to deps-sort.
webpack is a module bundler that takes modules with dependencies and generates static assets representing those modules. It includes advanced features for dependency management and sorting, making it a more powerful but complex alternative to deps-sort.
sort module-deps output for deterministic browserify bundles
```sh
$ for((i=0;i<5;i++)); do module-deps main.js | deps-sort | browser-pack | md5sum; done
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
e9e630de2c62953140357db0444c3c3a -
```

or using browserify --deps on a voxeljs project:

```sh
$ for((i=0;i<5;i++)); do browserify --deps browser.js | deps-sort | browser-pack | md5sum; done
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
fb418c74b53ba2e4cef7d01808b848e6 -
```
To use this module programmatically, write streaming object data and read streaming object data:

```javascript
// The README's copy does require('../') from inside the repository;
// outside it, require the installed package.
var sort = require('deps-sort')();
var JSONStream = require('jsonstream');
// Parse stdin as a JSON array and emit one element (one module-deps row) at a time.
var parse = JSONStream.parse([ true ]);
// Re-serialise the sorted rows as a JSON array on stdout.
var stringify = JSONStream.stringify();
process.stdin.pipe(parse).pipe(sort).pipe(stringify).pipe(process.stdout);
```
```javascript
var depsSort = require('deps-sort');
```

Calling depsSort(opts) returns a new through stream that should get written module-deps objects and will output sorted objects.

opts can be:

opts.index - when true, for each module-deps row, insert row.index with the numeric index and row.indexDeps like row.deps but mapping require strings to row indices

opts.expose - array of names or object mapping names to true not to mangle with integer indexes when opts.index is turned on. If opts.expose maps names to strings, those strings will be used to resolve the indexed references.

opts.dedupe - set row.dedupe for files that match existing contents. Sets row.dedupeIndex when opts.index is enabled. When row.dedupe is set, row.sameDeps will be set to a boolean of whether the dependencies at the dedupe target match (true) or just the source content (false).
With npm do:

```sh
npm install deps-sort
```

License: MIT
FAQs
sort module-deps output for deterministic browserify bundles
The npm package deps-sort receives a total of 1,059,297 weekly downloads. As such, deps-sort popularity was classified as popular.
We found that deps-sort demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 40 open source maintainers collaborating on the project.