Research
PyPI Package Impersonates SymPy to Deliver Cryptomining Malware
Malicious PyPI package sympy-dev targets SymPy users, a Python symbolic math library with 85 million monthly downloads.
By Kirill Boychenko -  Jan 21, 2026
🚀 Launch Week Day 2:Introducing Custom Tabs for Org Alerts.Learn More →
quire
Mock or stub your CommonJS (Node.js) require() statements.
Why?
This is just a proof of concept so that I can attempt to get rid of Jest... Jest is super sloooooooow.
Usage
Consider the following module:
mymodule.js:
var sr = require('secure-random')
module.exports = {
doSomething: function(name) {
return {
name: name,
secretNumber: sr.randomBuffer(4)
}
}
}
Let's say that you want to test it now, but since sr.randomBuffer() returns random data, it complicates things. Your test may have looked like:
it('should not do something', function() {
var mod = require('./mymodule.js')
var res = mod.doSomething('JP')
assert.equal(res.name, 'JP')
assert(Buffer.isBuffer(res.secretNumber))
assert.equal(res.secretNumber.toString('hex').length, 8)
})
now you can simply just change your require() to quire():
it('should not do something', function() {
var stub = {
'secure-random': {
randomBuffer: function() {
return new Buffer([1,2,3,4])
}
}
}
//var mod = require('./mymodule.js')
var mod = quire('./mymodule.js', stub)
var res = mod.doSomething('JP')
assert.equal(res.name, 'JP')
assert(Buffer.isBuffer(res.secretNumber))
assert.equal(res.secretNumber.toString('hex').length, 8)
assert.equal(res.secretNumber.toString('hex'), (new Buffer([1,2,3,4])).toString('hex'))
})
Alternatives
The alternatives modify require() whereas quire does not modify require(), rather, it just rewrites your sourcecode with the stub. The alternatives way overcomplicate things IMHO.
Browserify
Browserify version hopefully coming soon.
FAQs
Stupidly simple stubbing/mocking for your require statements.
The npm package quire receives a total of 2 weekly downloads. As such, quire popularity was classified as not popular.
We found that quire demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 09 Jan 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Tabs for Org Alerts
Create and share saved alert views with custom tabs on the org alerts page, making it easier for teams to return to consistent, named filter sets.
By André Staltz -  Jan 20, 2026
Product
Rust Support in Socket Is Now Generally Available
Socket’s Rust and Cargo support is now generally available, providing dependency analysis and supply chain visibility for Rust projects.
By Trevor Norris -  Jan 19, 2026