Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
front-commonjs-require
Advanced tools
browser-side CommonJS require() function.
Add commonjs-require.js
as script src to your site.
<script src="commonjs-require.js"></script>
<script>
require.register("module", function(exports, require, module){
/* Some Module content */
module.exports = "content"
})
alert(require('module'))
</script>
This will alert content
require.register
Browserify requires (scnr) that you use some magic AST/require.resolve mechanism to built your CommonJS package/files for the browser. This is really complex - especially if you have to bundle different files for different sections of your website, use dynamic requires or have circular dependencies.
require(name)
— loads registered module and returns its exports
.require.register(name, fn)
— registers new module. fn
should have signature exports, require, module
.require.list()
— lists all registered modules.commonjs-require emulates the actual loading mechanism from Node.js in that it delegates all require() calls to Module._load() (Module is exposed via the "module" module). This improves support for modules which rely on the Node module system implementation (for example Mockery).
Module._load(request, parent)
- does the actual module loading and instantiationModule._cache
- is the cache of loaded modules, can be cleared by assigning an empty objectModule._resolveFilename
- determines the actual module id (e.g. adds "index" if its missing)MIT
FAQs
browser-side CommonJS require() function.
The npm package front-commonjs-require receives a total of 24 weekly downloads. As such, front-commonjs-require popularity was classified as not popular.
We found that front-commonjs-require demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.