Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
esm-resolve
Advanced tools
Sync ESM import resolver for Node written in pure JS. This is written to be part of an ESM dev server or build process. It is permissive by default, allowing some cases which would normally be failures.
⚠️ This resolver was writtem before import.meta.resolve()
was widely available—it may work for you without adding yet another dependency.
However, "esm-resolve" is a bit more permissive.
Install and import "esm-resolve" via your favorite package manager. Create a resolver based on the importing file.
import buildResolver from 'esm-resolve';
import { buildResolver } from 'esm-resolve'; // also works
const r = buildResolver('./lib/file.js');
r('./relative'); // './relative.js'
r('foo-test-package-name'); // '../node_modules/foo-test-package-name/index.js'
Resolution logic is actually the same for any files in the same directory, so resolver objects can be reused (and they have a small bit of cache).
The resolved path is returned relative to the importer of that file, not your process' current directory.
You can set the resolveToAbsolute
option if you'd always like an absolute path.
This implements modern Node resolution, i.e., subpath exports, subpath imports and conditional exports. By default, it will rewrite to the "browser", "import" or "default" keys (not "node", as it's expected that you'll use this for browser builds).
It fails gracefully in many ways, including falling back to real paths if exports aren't defined. It will also remove imports that point purely to ".d.ts" files (you don't need to create peer JS).
You can configure all these options via the resolver's second argument, e.g.:
// Resolves for Node, and allows .mjs files.
const r = buildResolver('./lib/file.js', {
constraints: 'node',
matchNakedMjs: true,
});
// If there's a file "foo.mjs", this will now work:
r('./foo'); // './foo.mjs'
// Or if we're importing package with a node constraint:
r('node-only'); // '../node-modules/node-only/build-for-node.js'
FAQs
Resolves ESM imports in Node
The npm package esm-resolve receives a total of 95,995 weekly downloads. As such, esm-resolve popularity was classified as popular.
We found that esm-resolve demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.