Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
node-polyfill-webpack-plugin
Advanced tools
The node-polyfill-webpack-plugin is a plugin for webpack that allows you to inject Node.js core modules into your bundle. It's particularly useful when you're working on a project that is expected to run in an environment where these core modules are not natively available, such as in the browser. This plugin ensures that your code can use Node.js modules like 'path', 'fs', etc., by providing browser-compatible versions of these modules.
Polyfill Node.js core modules
This feature allows you to automatically polyfill Node.js core modules in your webpack bundle. By adding this plugin to your webpack configuration, you ensure that your code can use Node.js modules like 'crypto', 'stream', or 'util' even when running in a browser environment.
const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
module.exports = {
plugins: [
new NodePolyfillPlugin()
]
};
The 'polyfill-library' is similar to 'node-polyfill-webpack-plugin' in that it provides polyfills for modern web APIs and features for older browsers. However, it focuses more on ECMAScript features and web APIs rather than Node.js core modules.
While 'webpack-node-externals' is designed to exclude node modules during the webpack bundling process for server-side applications, it serves a purpose opposite to 'node-polyfill-webpack-plugin'. Instead of adding Node.js core modules to the bundle, it helps in excluding them to reduce the bundle size for server-side packages.
Polyfill Node.js core modules in Webpack.
This module is only needed for Webpack 5+.
npm install node-polyfill-webpack-plugin
Add the following to your webpack.config.js
:
const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
module.exports = {
// Other rules...
plugins: [
new NodePolyfillPlugin(),
],
};
console
, process
, and most deprecated/internal Node.js core modules are not polyfilled by default. If you still need to polyfill them, you can use the additionalAliases
option:
const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
module.exports = {
// Other rules...
plugins: [
new NodePolyfillPlugin({
additionalAliases: ['process', 'punycode'],
}),
],
};
The fs
module resolves to nothing because its functionality cannot replicated in the browser.
Type: object
onlyAliases
is mutually exclusive with excludeAliases
and additionalAliases
.
If you don't want a module to be polyfilled, you can specify aliases to be skipped here.
const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
module.exports = {
// Other rules...
plugins: [
new NodePolyfillPlugin({
excludeAliases: ['console'],
}),
],
};
Alternatively, you can choose to add certain aliases to the list of polyfilled modules. For example, you can choose to polyfill console
.
const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
module.exports = {
// Other rules...
plugins: [
new NodePolyfillPlugin({
additionalAliases: ['console'],
}),
],
};
You can also choose to only include certain aliases, ignoring the defaults. For example, you can have only console
polyfilled.
const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
module.exports = {
// Other rules...
plugins: [
new NodePolyfillPlugin({
onlyAliases: ['console'],
}),
],
};
Buffer
console
process
assert
buffer
console
constants
crypto
domain
events
http
https
os
path
punycode
process
querystring
stream
_stream_duplex
_stream_passthrough
_stream_readable
_stream_transform
_stream_writable
string_decoder
sys
timers
tty
url
util
vm
zlib
FAQs
Polyfill Node.js core modules in Webpack.
The npm package node-polyfill-webpack-plugin receives a total of 1,517,858 weekly downloads. As such, node-polyfill-webpack-plugin popularity was classified as popular.
We found that node-polyfill-webpack-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.