node-module-concat
Advanced tools
Comparing version 1.3.0 to 1.4.0
96
index.js
@@ -81,2 +81,4 @@ /* node-module-concat | ||
try, catch block to prevent uncaught exceptions. | ||
- `includeNodeModules` - Set to `true` if node_modules should be | ||
included in the `outputFile` | ||
- `cb` - Callback of the form `cb(err, files)` where `files` is an Array | ||
@@ -98,4 +100,18 @@ of files that have been included in the project. | ||
} | ||
// Ensure that `includeNodeModules` will work properly | ||
var _nodeModulePaths; | ||
if(opts.includeNodeModules) { | ||
try { | ||
_nodeModulePaths = require("module")._nodeModulePaths; | ||
if(typeof _nodeModulePaths !== "function") { | ||
opts.includeNodeModules = false; | ||
} | ||
} catch(err) { | ||
opts.includeNodeModules = false; | ||
} | ||
} | ||
// A list of all of the files read and included in the output thus far | ||
var files = []; | ||
// A list of all of the native modules not included in the output thus far | ||
var nativeModules = []; | ||
// The file descriptor pointing to the `outputFile` | ||
@@ -124,6 +140,6 @@ var fd; | ||
fs.close(fd, function(closeErr) { | ||
cb(err || closeErr, files); | ||
cb(err || closeErr, files, nativeModules); | ||
}); | ||
} else { | ||
cb(err, files); | ||
cb(err, files, nativeModules); | ||
} | ||
@@ -153,7 +169,19 @@ }); | ||
}, function processFile(code) { | ||
// Remove some line comments from code | ||
code = code.replace(/(?:\r\n?|\n)\s*\/\/.*/g, ""); | ||
// Scan file for `require(...)`, `__dirname`, and `__filename` | ||
var requireRegex = /require\s*\(\s*(\s*["'])((?:(?=(\\?))\3.)*?)\1\s*\)/g, | ||
/* Quick notes about the somewhat intense `requireRegex`: | ||
- require('...') and require("...") is matched | ||
- The single or double quote matched is group 1 | ||
- Whitespace can go anywhere | ||
- The module path matched is group 2 | ||
- Backslashes are allowed as escape characters only if followed | ||
by another backlash (to support Windows paths) | ||
*/ | ||
var requireRegex = /require\s*\(\s*(["'])((?:(?:(?!\1)[^\\]|(?:\\\\)))*)\1\s*\)/g, | ||
dirnameRegex = /__dirname/g, | ||
filenameRegex = /__filename/g; | ||
code = code.replace(requireRegex, function(match, quote, modulePath) { | ||
// First thing is to replace "\\" with "\" | ||
modulePath = modulePath.replace("\\\\", "\\"); | ||
// Check to see if this require path begins with "./" or "../" or "/" | ||
@@ -165,18 +193,3 @@ if(modulePath.match(/^\.?\.?\//) !== null) { | ||
) ); | ||
// Lookup this module's ID | ||
var index = files.indexOf(modulePath); | ||
if(index < 0) { | ||
// Not found; add this module to the project | ||
if(!opts.excludeFiles || | ||
opts.excludeFiles.indexOf(modulePath) < 0) | ||
{ | ||
index = files.push(modulePath) - 1; | ||
} | ||
else { | ||
// Ignore; do not replace | ||
return match; | ||
} | ||
} | ||
// Replace the `require` statement with `__require` | ||
return "__require(" + index + ")"; | ||
// Include module in project at end of this function | ||
} catch(e) { | ||
@@ -186,2 +199,22 @@ // Ignore; do not replace | ||
} | ||
} else if(opts.includeNodeModules) { | ||
var oldPaths = module.paths; | ||
/* Temporarily overwrite `module.paths` to make | ||
`require.resolve` work properly */ | ||
module.paths = _nodeModulePaths(path.dirname(filePath) ); | ||
try { | ||
var modulePath = require.resolve(modulePath); | ||
} catch(err) { | ||
// Module not found; do not replace | ||
return match; | ||
} finally { | ||
// Restore old `module.paths` | ||
module.paths = oldPaths; | ||
} | ||
// Detect core module | ||
if(modulePath.match(/^[a-z_]+$/) ) { | ||
// Core module; do not replace | ||
return match; | ||
} | ||
// Include module in project at end of this function | ||
} else { | ||
@@ -191,2 +224,27 @@ // Ignore; do not replace | ||
} | ||
/* If we reached this point, we need to include `modulePath` | ||
in our project */ | ||
// If this is a native module, abort | ||
if(path.extname(modulePath).toLowerCase() === ".node") { | ||
// This is a native module; do not replace | ||
nativeModules.push(modulePath); | ||
return match; | ||
} | ||
// Lookup this module's ID | ||
var index = files.indexOf(modulePath); | ||
if(index < 0) { | ||
// Not found; add this module to the project | ||
if(!opts.excludeFiles || | ||
opts.excludeFiles.indexOf(modulePath) < 0) | ||
{ | ||
index = files.push(modulePath) - 1; | ||
} | ||
else { | ||
// Ignore; do not replace | ||
return match; | ||
} | ||
} | ||
// Replace the `require` statement with `__require` | ||
var parentIndex = files.indexOf(filePath); | ||
return "__require(" + index + "," + parentIndex + ")"; | ||
}) | ||
@@ -193,0 +251,0 @@ // Replace `__dirname` with `__getDirname(...)` |
@@ -15,3 +15,3 @@ /* This header is placed at the beginning of the output file and defines the | ||
otherwise, execute and cache it first. */ | ||
function __require(uid) { | ||
function __require(uid, parentUid) { | ||
if(!__moduleIsCached[uid]) { | ||
@@ -22,3 +22,5 @@ // Populate the cache initially with an empty `exports` Object | ||
if(uid === 0) { | ||
require.main = __modulesCache[uid]; | ||
require.main = __modulesCache[0]; | ||
} else { | ||
__modulesCache[uid].parent = __modulesCache[parentUid]; | ||
} | ||
@@ -25,0 +27,0 @@ /* Note: if this module requires itself, or if its depenedencies |
{ | ||
"name": "node-module-concat", | ||
"version": "1.3.0", | ||
"version": "1.4.0", | ||
"description": "Node.js module concatenation library", | ||
@@ -22,2 +22,3 @@ "main": "index.js", | ||
"obfuscation", | ||
"obfuscate", | ||
"require" | ||
@@ -24,0 +25,0 @@ ], |
@@ -43,4 +43,8 @@ # node-module-concat | ||
try, catch block to prevent uncaught exceptions. | ||
- `cb` - Callback of the form `cb(err, files)` where `files` is an Array | ||
of files that have been included in the project. | ||
- `includeNodeModules` - Set to `true` if node_modules should also be | ||
included in the project. | ||
- `cb` - Callback of the form `cb(err, files, nativeModules)` where `files` is | ||
an Array of files that have been included in the project and | ||
`nativeModules` is an Array of native modules that were found (but not | ||
included) when scanning the project. | ||
@@ -47,0 +51,0 @@ ## Known limitations |
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
18185
368
55
6