Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
module-grapher
Advanced tools
module-grapher
resolves CommonJS module dependencies through recursive static analysis.
Although itself a node.js program, module-grapher
's main target is client-side code.
While it can be used to build dependency graphs of node programs, it is unaware of node's special node_modules
directory or NPM's nested package dependencies conventions. In fact, module-grapher
is totally unaware of packages at large (it supports search paths, however). Programs relying on external packages will need to install them via a package manager like Kris Zyp's excellent CPM. module-grapher
is designed to resolve module dependencies, not package dependencies.
In the future, module-grapher
might become package-aware to handle cases where multiple versions of the same package are required, but this is not currently a priority.
module-grapher
supports CoffeeScript and can be easily extended to support other languages which compile to JavaScript.
module-grapher
is available as an NPM module.
$ npm install module-grapher
module-grapher
accepts an filepath, source code or module identifier as input.
To get dependencies from a module:
require('module-grapher').graph('foo', {
paths: ['./lib', './vendor'], // defaults to the equivalent of ['.']
root: 'path/to/package/root/' // defaults to process.cwd()
}, callback);
Other options include:
extensions
(defaults to ['.js', '.coffee']
): an array of supported extensions.allowDirModules
: Also search for modules in the index file of the directory named after them. So look for module foo/bar
not only in foo/bar.js
but also in foo/bar/index.js
. Defaults to false
.allowMissingModules
: don't throw when a module is missing. Just mark it as such. Defaults to false
.allowDynamicModuleIdentifiers
: don't throw when the identifier of module isn't a string. Defaults to false
.Your choice of MIT or Apache, Version 2.0 licenses. module-grapher
is copyright 2010 Tobie Langel.
FAQs
Programatically finds and resolves CommonJS module dependencies.
We found that module-grapher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.