Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A dead-simple tool to add import
/ export
ES Module syntax to your browserify builds.
The plugin makes the following changes to your bundler:
.mjs
extension to module resolution (which take precedence over .js
files)"module"
field in package.json
when a "browser"
field is not specifiedimport
/ export
statements) into CommonJSUse it with the --plugin
or -p
flags in browserify:
browserify index.js -p esmify > bundle.js
Also works with budo and similar tools, for example:
budo index.js --live -- -p esmify
Files that don't contain import
/ export
syntax are ignored, as are dynamic import expressions. The plugin runs across your bundle (including node_modules
) in order to support ESM-authored modules on npm.
Use npm to install.
npm install esmify --save-dev
Also can be used via API like so:
browserify({
plugin: [
[ require('esmify'), { /* ... options ... */ } ]
]
});
plugin = esmify(bundler, opt = {})
Returns a browswerify plugin function that operates on bundler
with the given options:
mainFields
which describes the order of importance of fields in package.json resolution, defaults to [ 'browser', 'module', 'main' ]
nodeModules
(default true
) to disable the transform on your node_modules
tree, set this to false
. This will speed up bundling but you may run into issues when trying to import ESM-published code from npm.plainImports
(Experimental) this feature will map named imports directly to their CommonJS counterparts, without going through Babel's inter-op functions. This is generally needed for static analysis of fs
, path
and other tools like glslify
in browserify. Defaults to [ 'fs', 'path', 'glslify' ]
.Under the hood, this uses Babel and plugin-transform-modules-commonjs
to provide robust inter-op that handles a variety of use cases.
require('esmify/resolve')(id, opts, cb)
Resolve the given id
using the module resolution algorithm from esmify
, accepting { mainFields }
array to opts as well as other options passed to resolve and browser-resolve.
Works like so:
"browser"
field, use browser-resolve
, otherwise use resolve
mainFields
, the first field that exists will be usedMIT, see LICENSE.md for details.
FAQs
parse and handle import/export for browserify
We found that esmify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.