Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
module-from-string
Advanced tools
module-from-string
Load module from string, require and import.
Install
npm install module-from-string
Usage
import { requireFromString, importFromString } from 'module-from-string'
requireFromString("module.exports = 'hi'") // => 'hi'
requireFromString("exports.greet = 'hi'") // => { greet: 'hi' }
;(async () => {
await importFromString("export default 'hi'" ) // => { default: 'hi' }
await importFromString("export const greet = 'hi'") // => { greet: 'hi' }
})()
API
import { TransformOptions } from 'esbuild'
interface Options {
code: string
globals?: Record<string, unknown>
}
declare const requireFromString: (options: string | Options) => any
interface ImportOptions extends Options {
transformOptions?: TransformOptions
}
declare const importFromString: (
options: string | ImportOptions
) => Promise<any>
declare const importFromStringSync: (options: string | ImportOptions) => any
export { importFromString, importFromStringSync, requireFromString }
globals
Underneath the hood, module-from-string uses Node.js built-in vm module to execute code.
const contextModule = new Module(nanoid())
vm.runInNewContext(code, {
exports: contextModule.exports,
module: contextModule,
require,
...globals
})
By default, only the above variables are passed into the contextObject. In order to use other global objects and built-in modules you need to add them to option globals.
requireFromString({
code: 'module.exports = process.cwd()',
globals: { process }
})
importFromStringSync({
code: 'export default process.cwd()',
globals: { process }
})
transformOptions
Function importFromString and importFromStringSync use esbuild to transform ES Module syntax to CommonJS. So it can do much more by providing transform options to esbuild. See esbuild Transform API for documentation.
const { greet } = importFromStringSync({
code: "export const greet: () => string = () => 'hi'",
transformOptions: { loader: 'ts' }
})
greet() // => 'hi'
License
MIT License © 2021 Exuanbo
FAQs
Load module from string using require or import.
The npm package module-from-string receives a total of 26,620 weekly downloads. As such, module-from-string popularity was classified as popular.
We found that module-from-string demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 27 Mar 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025