Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-gyp-build
Advanced tools
The node-gyp-build package is designed to simplify the process of compiling and distributing native Node.js addons. It automatically detects the platform and architecture of the user's system and chooses the correct pre-compiled binary to use, if available. If a pre-compiled binary is not available, it falls back to building from source using node-gyp.
Loading pre-compiled binaries
This code attempts to load a pre-compiled binary for the native addon located in the same directory as the script. If a pre-compiled binary is not available for the current platform, it will attempt to compile the addon from source.
const nativeAddon = require('node-gyp-build')(__dirname)
Building from source
This code snippet demonstrates how to explicitly get the path to the correct binary and then require it. If the binary does not exist, node-gyp-build will attempt to compile the addon from source using the binding.gyp file located in the __dirname directory.
const path = require('path');
const nodeGypBuild = require('node-gyp-build');
const bindingPath = nodeGypBuild.path(__dirname);
const binding = require(bindingPath);
The prebuild package is similar to node-gyp-build in that it also focuses on handling pre-built native binaries for Node.js modules. It allows module authors to pre-compile binaries for various versions of Node.js and platforms, which can then be easily installed by end users. Compared to node-gyp-build, prebuild requires more manual setup for defining prebuild scripts and managing binary uploads and downloads.
node-pre-gyp is another tool that provides a way to publish and install Node.js C++ addons from binaries. It is similar to node-gyp-build but comes with a different set of features and a more complex configuration. node-pre-gyp allows for storing binary packages on remote servers and fetching them during installation, which can be more flexible but also more complex to set up compared to node-gyp-build.
neon-cli is a toolchain for creating native Node.js modules with Rust. While it serves a different purpose by targeting Rust instead of C++, it provides similar functionality in terms of compiling and distributing native modules. It automates the process of building and publishing Rust-based Node addons, which can be seen as an alternative approach to node-gyp-build for developers who prefer Rust over C++.
Build tool and bindings loader for node-gyp that supports prebuilds.
npm install node-gyp-build
Use together with prebuildify to easily support prebuilds for your native modules.
node-gyp-build
works similar to node-gyp build
except that it will check if a build or prebuild is present before rebuilding your project.
It's main intended use is as an npm install script and bindings loader for native modules that bundle prebuilds using prebuildify.
First add node-gyp-build
as an install script to your native project
{
...
"scripts": {
"install": "node-gyp-build"
}
}
Then in your index.js
, instead of using the bindings module use node-gyp-build
to load your binding.
var binding = require('node-gyp-build')(__dirname)
If you do these two things and bundle prebuilds prebuildify your native module will work for most platforms without having to compile on install time AND will work in both node and electron without the need to recompile between usage.
Users can override node-gyp-build
and force compiling by doing npm install --build-from-source
.
If so desired you can bundle more specific flavors, for example musl
builds to support Alpine, or targeting a numbered ARM architecture version.
These prebuilds can be bundled in addition to generic prebuilds; node-gyp-build
will try to find the most specific flavor first. In order of precedence:
arch
is 'arm'
or 'arm64'
:
${platform}${libc}-${arch}-v${arm_version}
${platform}-${arch}-v${arm_version}
${platform}${libc}-${arch}
${platform}-${arch}
The libc
flavor and arm_version
are auto-detected but can be overridden through the LIBC
and ARM_VERSION
environment variables, respectively.
MIT
FAQs
Build tool and bindings loader for node-gyp that supports prebuilds
The npm package node-gyp-build receives a total of 12,347,654 weekly downloads. As such, node-gyp-build popularity was classified as popular.
We found that node-gyp-build demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.