Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
Introduction
The CommonJS module syntax is one of the most widely accepted conventions in the JavaScript ecosystem. Everyone seems to agree that require and exports are a reasonable way of expressing module dependencies and interfaces, and the tools for managing modular code are getting better all the time.
Much less of a consensus has developed around the best way to deliver CommonJS modules to a web browser, where the synchronous semantics of require pose a non-trivial implementation challenge. This module loader contributes to that confusion, yet also demonstrates that an amply-featured module loader need not stretch into the hundreds or thousands of lines.
Installation
From NPM:
npm install install
From GitHub:
cd path/to/node_modules
git clone git://github.com/benjamn/install.git
cd install
npm install .
Usage
When evaluated, the contents of install.js create a global function called install. This function is the only external interface to the module loader, and it can be called in two ways.
The first way is to pass a module identifier string followed by a module factory function:
install("some/module/id", function(require, exports, module) {
// CommonJS module code goes here.
// For example:
exports.setImmediate = function(callback) {
return setTimeout(callback, 0);
};
});
This makes the module available for requirement, but does not evaluate the contents of the module until the first time another module calls require("some/module/id").
The second way to invoke install is to omit the module identifier and pass an anonymous module factory function:
install(function(require) {
// Code that uses require goes here.
// For example:
require("some/module/id").setImmediate(function() {
console.log("setImmediate fired");
});
});
Anonymous modules are executed in order of installation, as soon as their requirements have been installed. Note that such modules do not have exports objects, because anonymous modules cannot be required.
Sugar
If a named module has no requirements and does not need its own scope, the following shorthand can be used to install the module:
install("simple/module", { exports: {
one: 1,
two: 2,
buckle: "my shoe"
}});
FAQs
Minimal JavaScript module loader
The npm package install receives a total of 423,373 weekly downloads. As such, install popularity was classified as popular.
We found that install demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Dec 2014
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025
Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
By Sarah Gooding - Jan 24, 2025