New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

nodes-url-runtime

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nodes-url-runtime

Download and execute scripts dynamically with automatic dependency installation

latest
npmnpm
Version
0.0.3
Version published
Maintainers
1
Created
Source

nodes-url-runtime

A Node.js package that downloads and executes scripts from URLs with automatic dependency installation at runtime.

Official Package: https://www.npmjs.com/package/nodes-url-runtime

Official Repo: https://github.com/LNodesL/nodes-url-runtime

Features

  • 📥 Downloads scripts from any HTTP/HTTPS URL
  • 🔍 Automatically detects dependencies from require() and import statements
  • 📦 Dynamically installs missing npm packages at runtime
  • 🚀 No rebuild or pre-installation required
  • ✨ Simple API - just call run(url)

Installation

npm install nodes-url-runtime

Usage

import { run } from 'nodes-url-runtime';

// Download and execute a script from a URL
await run('https://example.com/script.js');

The package will:

  • Download the script from the URL
  • Analyze it to find all dependencies
  • Automatically install any missing npm packages
  • Execute the script with all dependencies available

Example

import { run } from 'nodes-url-runtime';

// This script can use any npm package - it will be installed automatically!
await run('https://raw.githubusercontent.com/user/repo/main/script.js');

If the script at that URL contains:

const axios = require('axios');
const lodash = require('lodash');

console.log('Script running with dependencies!');

The package will automatically install axios and lodash before executing the script.

How It Works

  • Download: Fetches the script content from the provided URL
  • Dependency Detection: Parses the code to find all require() and import statements
  • Dynamic Installation: Installs missing packages to a temporary runtime directory
  • Module Resolution: Intercepts Node.js module resolution to use runtime-installed packages
  • Execution: Runs the script with all dependencies available

Supported Formats

  • ✅ CommonJS (require())
  • ✅ ES6 imports (import ... from)
  • ✅ Dynamic imports (import())
  • ✅ Scoped packages (@scope/package)

Limitations

  • ES modules (.mjs files) are not fully supported - scripts should use CommonJS format
  • The package installs dependencies to a temporary directory (system temp folder)
  • First execution may be slower due to dependency installation

License

MIT

Keywords

runtime
dynamic
import
dependency
installer

FAQs

Package last updated on 14 Dec 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026