Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
import-lazy
Advanced tools
The import-lazy npm package allows for lazy-loading of modules in Node.js. This means that modules are only loaded when they are actually used in the code, which can significantly improve the startup time of applications by reducing the initial load time.
Lazy-loading of CommonJS modules
This feature allows you to lazy-load CommonJS modules. The module is only loaded when a method of the module is called, as demonstrated with the lodash library.
const importLazy = require('import-lazy')(require);
const _ = importLazy('lodash');
console.log(_.isString('hello'));
Lazy-loading of ES Modules
This feature supports lazy-loading of ES Modules. Similar to the CommonJS example, the ES Module is loaded only when a method is invoked.
import importLazy from 'import-lazy';
const _ = importLazy(() => import('lodash-es'));
console.log(_.isString('hello'));
p-lazy is a package that allows for creating lazy promises that are only executed when awaited. While import-lazy is focused on lazy-loading modules, p-lazy deals with the execution of asynchronous operations, making them conceptually similar but functionally different.
lazy-require offers functionality similar to import-lazy by allowing deferred loading of modules. The main difference is in the implementation details and API design, where lazy-require might offer different or additional options for managing module caching and re-loading.
Import a module lazily
$ npm install import-lazy
// Pass in `require` or a custom import function
const importLazy = require('import-lazy')(require);
const _ = importLazy('lodash');
// Instead of referring to its exported properties directly…
_.isNumber(2);
// …it's cached on consecutive calls
_.isNumber('unicorn');
// Works out of the box for functions and regular properties
const stuff = importLazy('./math-lib');
console.log(stuff.sum(1, 2)); // => 3
console.log(stuff.PHI); // => 1.618033
While you may be tempted to do leverage destructuring, like this:
const {isNumber, isString} = importLazy('lodash');
Note that this will cause immediate property access, negating the lazy loading, and is equivalent to:
import {isNumber, isString} from 'lodash';
MIT © Sindre Sorhus
FAQs
Import a module lazily
We found that import-lazy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.