node-retrieve-globals
Advanced tools
Readme
Execute a string of JavaScript using Node.js and return the global variable values and functions.
var, let, const, function, Array and Object destructuring assignment.vm.vm module to execute JavaScript
node:vm module is not a security mechanism. Do not use it to run untrusted code.codeGeneration (e.g. eval) is disabled by default; use setCreateContextOptions({codeGeneration: { strings: true, wasm: true } }) to re-enable.--experimental-vm-modules flag (for vm.Module support). (v5.0.0 and newer)vm.Module is stable and --experimental-vm-modules is no longer necessary. (v5.0.0 and newer)Available on npm
npm install node-retrieve-globals
Works from Node.js with ESM and CommonJS:
import { RetrieveGlobals } from "node-retrieve-globals";
// const { RetrieveGlobals } = await import("node-retrieve-globals");
And then:
let code = `var a = 1;
const b = "hello";
function hello() {}`;
let vm = new RetrieveGlobals(code);
await vm.getGlobalContext();
Returns:
{ a: 1, b: "hello", hello: function hello() {} }
let code = `let ref = myData;`;
let vm = new RetrieveGlobals(code);
await vm.getGlobalContext({ myData: "hello" });
Returns:
{ ref: "hello" }
// Defaults shown
let options = {
reuseGlobal: false, // re-use Node.js `global`, important if you want `console.log` to log to your console as expected.
dynamicImport: false, // allows `import()`
addRequire: false, // allows `require()`
experimentalModuleApi: false, // uses Module#_compile instead of `vm` (you probably don’t want this and it is bypassed by default when vm.Module is supported)
};
await vm.getGlobalContext({}, options);
v6.0.0 Changes import and require to be project relative (not relative to this package on the file system).v5.0.0 Removes sync API, swap to async-only. Better compatibility with --experimental-vm-modules Node flag.v4.0.0 Swap to use Module._compile as a workaround for #2 (Node regression with experimental modules API in Node v20.10+)v3.0.0 ESM-only package. Node 16+FAQs
Execute a string of JavaScript using Node.js and return the global variable values and functions.
We found that node-retrieve-globals demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.