Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Protect your apps from supply chain attacks



Properly hijack require, i.e., properly define require hooks and customizations


Version published
Weekly downloads
increased by5.25%

Weekly downloads

Package description

What is pirates?

The pirates npm package is designed to add hooks to Node.js's require function, allowing developers to modify the behavior of module loading. This can be particularly useful for tasks such as compiling code on-the-fly, implementing custom loaders, or applying transformations to module sources before they are executed.

What are pirates's main functionalities?

Adding a hook to require

This feature allows you to add a custom transformation hook to Node.js's require function for files with specific extensions. In the code sample, a hook is added for '.js' files, where you can transform the code before it's executed. The `revert` function can be called to remove the hook.

const { addHook } = require('pirates');

const revert = addHook((code, filename) => {
  // Transform the code here
  return code;
}, {
  exts: ['.js']

Other packages similar to pirates



Pirates Coverage

Properly hijack require


Two reasons:

  1. Babel and istanbul were breaking each other.
  2. Everyone seemed to re-invent the wheel on this, and everyone wanted a solution that was DRY, simple, easy to use, and made everything Just Work™, while allowing multiple require hooks, in a fashion similar to calling super.

For some context, see the Babel issue thread which started this all, then the nyc issue thread, where discussion was moved (as we began to discuss just using the code nyc had developed), and finally to #1 where discussion was finally moved.


npm install --save pirates


Using pirates is really easy:

// my-module/register.js
const addHook = require('pirates').addHook;
// Or if you use ES modules
// import { addHook } from 'pirates';

function matcher(filename) {
  // Here, you can inspect the filename to determine if it should be hooked or
  // not. Just return a truthy/falsey. Files in node_modules are automatically ignored,
  // unless otherwise specified in options (see below).

  // TODO: Implement your logic here
  return true;

const revert = addHook(
  (code, filename) => code.replace('@@foo', 'console.log(\'foo\');'),
  { exts: ['.js'], matcher }

// And later, if you want to un-hook require, you can just do:


pirates.addHook(hook, [opts={ [matcher: true], [exts: ['.js']], [ignoreNodeModules: true] }]);

Add a require hook. hook must be a function that takes (code, filename), and returns the modified code. opts is an optional options object. Available options are: matcher, which is a function that accepts a filename, and returns a truthy value if the file should be hooked (defaults to a function that always returns true), falsey if otherwise; exts, which is an array of extensions to hook, they should begin with . (defaults to ['.js']); ignoreNodeModules, if true, any file in a node_modules folder wont be hooked (the matcher also wont be called), if false, then the matcher will be called for any files in node_modules (defaults to true).

Projects that use Pirates

See the wiki page. If you add Pirates to your project, (And you should! It works best if everyone uses it. Then we can have a happy world full of happy require hooks!), please add yourself to the wiki.


Last updated on 20 Jun 2023

Did you know?

Socket installs a GitHub app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc