Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More →
require-at - npm Package Compare versions
| "use strict"; | ||
| const Module = require("module"); | ||
| // use eval to avoid tripping bundlers | ||
| const xrequire = eval("require"); | ||
| const createRequireFromPath = | ||
| Module.createRequire || | ||
| Module.createRequireFromPath || | ||
| ((filename, dir) => { | ||
| // https://github.com/nodejs/node/blob/1ae0511b942c01c6e0adff98643d350a395bf101/lib/internal/modules/cjs/loader.js#L748 | ||
| // https://github.com/nodejs/node/blob/1ae0511b942c01c6e0adff98643d350a395bf101/lib/internal/modules/cjs/helpers.js#L16 | ||
| const m = new Module(filename); | ||
| m.filename = filename; | ||
| m.paths = Module._nodeModulePaths(dir); | ||
| // don't name this require to avoid tripping bundlers | ||
| function _require(request) { | ||
| // can't use m.require because there's an internal requireDepth thing | ||
| // in the native Module implementation | ||
| return xrequire(resolve(request)); | ||
| } | ||
| function resolve(request, options) { | ||
| return Module._resolveFilename(request, m, false, options); | ||
| } | ||
| _require.resolve = resolve; | ||
| function paths(request) { | ||
| return Module._resolveLookupPaths(request, m, true); | ||
| } | ||
| resolve.paths = paths; | ||
| _require.main = process.mainModule; | ||
| _require.extensions = Module._extensions; | ||
| _require.cache = Module._cache; | ||
| return _require; | ||
| }); | ||
| module.exports = createRequireFromPath; |
+2
-1
| { | ||
| "name": "require-at", | ||
| "version": "1.0.5", | ||
| "version": "1.0.6", | ||
| "main": "require-at.js", | ||
@@ -18,2 +18,3 @@ "description": "Call require pretending your are at another directory", | ||
| "files": [ | ||
| "create-require.js", | ||
| "require-at.js" | ||
@@ -20,0 +21,0 @@ ], |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
5882
29.5%- Number of package files
4
33.33%- Lines of code
61
117.86%Worsened metrics
- Number of low supply chain risk alerts
2
100%- Number of medium supply chain risk alerts
1
Infinity%No dependency changes