Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
module-grapher
Advanced tools
module-grapher
resolves CommonJS module dependencies through recursive static analysis.
Although itself a node.js program, module-grapher
's main target is client-side code.
While it can be used to build dependency graphs of node programs, it is unaware of node's special node_modules
directory or NPM's nested package dependencies conventions. In fact, module-grapher
is totally unaware of packages at large (it supports search paths, however). Programs relying on external packages will need to install them via a package manager like Kris Zyp's excellent CPM. module-grapher
is designed to resolve module dependencies, not package dependencies.
In the future, module-grapher
might become package-aware to handle cases where multiple versions of the same package are required, but this is not currently a priority.
module-grapher
supports CoffeeScript and can be easily extended to support other languages which compile to JavaScript.
module-grapher
is available as an NPM module.
$ npm install module-grapher
module-grapher
accepts an filepath, source code or module identifier as input.
To get dependencies from a module:
require('module-grapher').graph('foo', {
paths: ['./lib', './vendor'], // defaults to the equivalent of ['.']
root: 'path/to/package/root/' // defaults to process.cwd()
}, callback);
Other options include:
extensions
(defaults to ['.js', '.coffee']
): an array of supported extensions.allowDirModules
: Also search for modules in the index file of the directory named after them. So look for module foo/bar
not only in foo/bar.js
but also in foo/bar/index.js
. Defaults to false
.allowMissingModules
: don't throw when a module is missing. Just mark it as such. Defaults to false
.allowDynamicModuleIdentifiers
: don't throw when the identifier of module isn't a string. Defaults to false
.Your choice of MIT or Apache, Version 2.0 licenses. module-grapher
is copyright 2010 Tobie Langel.
FAQs
Programatically finds and resolves CommonJS module dependencies.
The npm package module-grapher receives a total of 2 weekly downloads. As such, module-grapher popularity was classified as not popular.
We found that module-grapher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.