Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A single configuration for path aliases to reuse across all your tools (TypeScript, webpack, Jest, etc.)
A single configuration for path aliases to reuse across all your tools (TypeScript, webpack, Jest, etc.)
Path alias is a powerful way to manage relative paths in your projects by replacing long import paths like this:
import result from '../../../../utils/getResult'
with a defined alias like this:
import result from 'utils/getResult'
In this example, the
utils/
portion of the import is an alias that resolves to the same relative directory.
The issue is that different tools have different declaration format and capabilities of path aliases. This means that in order to reuse the same alias across development and testing you are likely to tweak multiple configuration with the setup you cannot directly reuse. This increases the maintenance cost of such setup, making aliasing expensive.
Dotalias establishes a single configuration format for path aliases and compiles it to configurations that different tools can understand. Effectively, it abstracts all the hassle of having to configure various tools differently. By doing so, you can finally reuse one configuration to all the tools you're using.
$ npm install dotalias
# OR
$ yarn add dotalias
$ touch alias.config.js
// alias.config.js
module.exports = {
myModule: './module.js',
}
Refer to the integration examples to use this library with various bundlers or testing frameworks.
You can write the alias configuration in any of the following files:
.aliasrc
.aliasrc.json
.aliasrc.yaml
.aliasrc.yml
.aliasrc.js
.aliasrc.cjs
alias.config.js
alias.config.cjs
"alias"
key in your package.json
We are using cosmiconfig to resolve the configuration file. Learn more about the way it gets resolved in the mentioned repository.
The configuration file consists of keys that represent module names and values that stand for relative paths to resolve those module names.
// alias.config.js
module.exports = {
myModule: './module.js',
}
Module paths are relative to the current working directory.
In the example above, we've created a module alias for the myModule
that will resolve to a local file at ./module.js
whenever imported in the code:
// Once you've configured your build tools,
// this will resolve to "./module.js".
import result from 'myModule'
In the same fashion, the configuration file can be written in various formats. Here's an example of the configuration in YAML:
myResult: './module.js'
// alias.config.js
module.exports = {
components: './src/components',
}
// alias.config.js
module.exports = {
'utils/*': './src/utils/*',
}
A single alias may specify multiple paths. The first matching path resolves.
// alias.config.js
module.exports = {
'utils/*': ['src/utils/*', 'utils/*'],
}
All the integration examples below assume you have the configuration file created at the root of your application. Whenever you import the dotalias
package, it automatically reads the closest configuration and returns the necessary bindings for the integration with other tools.
In order to support dynamic import paths (i.e. wildcards), this library exports a custom webpack plugin instead of the resolve.alias
configuration object.
// webpack.config.js
const { alias } = require('dotalias')
module.exports = {
plugins: [new alias.WebpackPlugin()],
}
// rollup.config.js
const { alias } = require('dotalias')
const aliasPlugin = require('@rollup/plugin-alias')
module.exports = {
plugins: [
aliasPlugin({
...alias.rollup,
}),
],
}
Requires you to have the @rollup/plugin-alias package installed.
// jest.config.js
const { alias } = require('dotalias')
module.exports = {
...alias.jest,
}
Execute the following command in your project's root directory:
$ npx dotalias ts
This command will generate a tsconfig.alias.json
partial TypeScript configuration file that you can later extend in your tsconfig.json
to enable path aliases:
{
"extends": "./tsconfig.alias.json"
}
When deciding on the optimal configuration format, I've researched the path alias configurations for the most common tools I use. Below you can see a table of those tools' capabilities when it comes to path aliases:
Feature | TypeScript | webpack | Rollup | Jest | .alias |
---|---|---|---|---|---|
Exact paths | ✅ | ✅ | ✅ | ✅ | ✅ |
Dynamic paths | ✅ | ✅ | ✅ | ✅ | ✅ |
Fallbacks | ✅ | ✅ | ❌ 1 | ✅ | ✅ |
RegExp | ❌ | ❌ 2 | ✅ | ✅ | TBA |
Custom resolver | ❌ | ❌ 2 | ✅ | ❌ | TBA |
1—possible with a custom resolver; 2—possible with a custom plugin.
paths
)resolve.alias
)@rollup/plugin-alias
)moduleNameMapper
)FAQs
A single configuration for path aliases to reuse across all your tools (TypeScript, webpack, Jest, etc.)
The npm package dotalias receives a total of 0 weekly downloads. As such, dotalias popularity was classified as not popular.
We found that dotalias demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.