import-in-the-middle
Advanced tools
The 'import-in-the-middle' npm package allows developers to intercept and modify module imports in Node.js. This can be useful for debugging, logging, or altering the behavior of modules without modifying their source code.
Intercepting Module Imports
This feature allows you to intercept the import of specified modules ('fs' and 'path' in this case) and execute custom logic (logging in this example) whenever these modules are imported.
const { addHook } = require('import-in-the-middle');
addHook(['fs', 'path'], (exports, name, baseDir) => {
console.log(`Module ${name} is being imported from ${baseDir}`);
return exports;
});
const fs = require('fs');
const path = require('path');Modifying Module Exports
This feature allows you to modify the exports of a module. In this example, a custom method is added to the 'fs' module.
const { addHook } = require('import-in-the-middle');
addHook(['fs'], (exports, name, baseDir) => {
if (name === 'fs') {
exports.customMethod = () => console.log('Custom method added to fs');
}
return exports;
});
const fs = require('fs');
fs.customMethod(); // Outputs: Custom method added to fsThe 'require-in-the-middle' package provides similar functionality for intercepting and modifying module imports, but it is specifically designed for CommonJS modules using 'require'. It does not support ES modules.
The 'proxyquire' package allows you to override dependencies during testing. It is more focused on providing mock implementations for dependencies, whereas 'import-in-the-middle' is more general-purpose for intercepting and modifying imports.
The 'mock-require' package is used to mock Node.js modules during testing. It allows you to replace modules with mock implementations, similar to 'proxyquire', but it does not provide the same level of interception and modification capabilities as 'import-in-the-middle'.
import-in-the-middle is an module loading interceptor inspired by
require-in-the-middle, but
specifically for ESM modules. In fact, it can even modify modules after loading
time.
The API for
require-in-the-middle is followed as closely as possible as the default
export. There are lower-level addHook and removeHook exports available which
don't do any filtering of modules, and present the full file URL as a parameter
to the hook. See the Typescript definition file for detailed API docs.
You can modify anything exported from any given ESM or CJS module that's imported in ESM files, regardless of whether they're imported statically or dynamically.
import { Hook } from 'import-in-the-middle'
import { foo } from 'package-i-want-to-modify'
console.log(foo) // whatever that module exported
Hook(['package-i-want-to-modify'], (exported, name, baseDir) => {
// `exported` is effectively `import * as exported from ${url}`
exported.foo += 1
})
console.log(foo) // 1 more than whatever that module exported
This requires the use of an ESM loader hook, which can be added with the following command-line option.
node --loader=import-in-the-middle/hook.mjs my-app.mjs
Since --loader has been deprecated you can also register the loader hook programmatically via the Node
module.register()
API. However, for this to be able to hook non-dynamic imports, it needs to be
registered before your app code is evaluated via the --import command-line option.
my-loader.mjs
import * as module from 'module'
module.register('import-in-the-middle/hook.mjs', import.meta.url)
node --import=./my-loader.mjs ./my-code.mjs
When registering the loader hook programmatically, it's possible to pass a list
of modules, file URLs or regular expressions to either exclude or specifically
include which modules are intercepted. This is useful if a module is not
compatible with the loader hook.
Note: This feature is incompatible with the
{internals: true}Hook option
import * as module from 'module'
// Exclude intercepting a specific module by name
module.register('import-in-the-middle/hook.mjs', import.meta.url, {
data: { exclude: ['package-i-want-to-exclude'] }
})
// Only intercept a specific module by name
module.register('import-in-the-middle/hook.mjs', import.meta.url, {
data: { include: ['package-i-want-to-include'] }
})
Note: This feature is experimental and is incompatible with the
{internals: true}Hook option
If you are Hook'ing all modules before they are imported, for example in a
module loaded via the Node.js --import CLI argument, you can configure the
loader to intercept only modules that were specifically hooked.
instrument.mjs
import { register } from 'module'
import { Hook, createAddHookMessageChannel } from 'import-in-the-middle'
const { registerOptions, waitForAllMessagesAcknowledged } = createAddHookMessageChannel()
register('import-in-the-middle/hook.mjs', import.meta.url, registerOptions)
Hook(['fs'], (exported, name, baseDir) => {
// Instrument the fs module
})
// Ensure that the loader has acknowledged all the modules
// before we allow execution to continue
await waitForAllMessagesAcknowledged()
my-app.mjs
import * as fs from 'fs'
// fs will be instrumented!
fs.readFileSync('file.txt')
node --import=./instrument.mjs ./my-app.mjs
require are not affected at all.FAQs
Intercept imports in Node.js
The npm package import-in-the-middle receives a total of 8,337,230 weekly downloads. As such, import-in-the-middle popularity was classified as popular.
We found that import-in-the-middle demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.