
Research
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.
(推荐)自动装载第三方模块至 Egg.js 框架上
在项目开发中,需要用到一些第三方模块(module),一般情况下使用 require 就可以将模块引入使用了。但是如果多个文件中用到同一个模块,每个文件中都需要 require 一下,显得有些麻烦,同时也不利于项目工程化管理。本插件就是为了解决这个问题而诞生的,能够将指定的第三方模块挂载到 Egg.js 框架的 app 属性上,方便调用。
$ npm i egg-load
通过 config/plugin.js 配置启动 egg-load 插件:
exports.load = {
enable: true,
package: 'egg-load',
}
在 config/config.${env}.js 配置各个环境的信息,以下是使用示例:
exports.load = {
/** 需要挂载的模块列表 */
module: [
/** 列表项支持对象(object)和字符串(string)两种形式 */
{
/** 需要挂载的 npm 包的包名,例如 axios,必填 */
package: 'pkg1-name',
/** 挂载的属性名,例如填 abc,该模块可以通过 app.abc 进行访问,默认为包名(package),选填 */
name: 'abc',
/** 是否禁用,默认为否,选填 */
disabled: false,
},
/** 使用字符串形式只需要输入包名即可,其他属性按照默认属性自动设置 */
'pkg2-name',
],
/** 是否加载到 app 上,默认开启 */
app: true,
/** 是否加载到 agent 上,默认关闭 */
agent: false,
}
本插件并不会帮你自动下载对应的 npm 包,你需要自行通过命令 npm i package-name 命令下载对应的依赖包。
所有引入的第三方模块将自动挂载到 app 上,直接访问设定的属性名即可。例如:
插件配置:
// config/plugin.js
exports.load = {
enable: true,
package: 'egg-load',
}
配置信息 Demo:
exports.load = {
module: [
{
package: 'axios',
name: 'req',
disabled: false,
},
'only',
],
app: true,
agent: false,
}
在能够访问 app 的地方,你可以通过 app.req 和 app.only 访问以上两个包。
FAQs
🚀 自动挂载第三方模块至 Egg.js 框架上
The npm package egg-load receives a total of 4 weekly downloads. As such, egg-load popularity was classified as not popular.
We found that egg-load demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.

Company News
Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.

Security News
npm now links to Socket's security analysis on every package page. Here's what you'll find when you click through.