The require-at npm package allows you to require modules from a specific path, essentially letting you control the module resolution process. This can be particularly useful in scenarios where you need to load a module relative to a different directory than the current one.
Require a module from a specific path
This feature allows you to require a module as if the require call was made from a different directory. This can be useful for loading modules in a controlled environment or from a specific location.
const requireAt = require('require-at');
const someModule = requireAt('/path/to/directory')('some-module');
Resolve a module path from a specific path
This feature allows you to resolve the path of a module as if the resolution was done from a different directory. This can be useful for determining the exact path of a module without actually loading it.
const requireAt = require('require-at');
const modulePath = requireAt('/path/to/directory').resolve('some-module');
The resolve package provides a function that mimics the Node.js require.resolve() algorithm, with additional features like custom module resolution paths. It is more flexible in terms of configuration but does not directly provide the ability to require modules from a specific path.
The app-module-path package allows you to add custom directories to the Node.js module search path. This can be useful for setting up a custom module resolution strategy, but it modifies the global module search path, unlike require-at which is more scoped and controlled.
The rechoir package allows you to require files with different extensions and transpile them on the fly. While it provides a way to load modules in a controlled manner, its primary focus is on supporting different file types rather than resolving modules from specific paths.
Allows you to call require or require.resolve pretending that you are at another directory.
Given the directory structure below with two NodeJS apps:
app1
|-+ foo
|   +-- index.js
|   +--+ node_modules
|      +--+ x
|         + ...
app2
|-+ bar
|   +-- index.js
|   +--+ node_modules
|      +--+ y
|         + ...
When you call require("x") in /app1/foo/index.js, NodeJS will search and find module x there.
Now from the same file, if you want to resolve the module y under the directory /app2/bar, you have to use an absolute or relative path pointing directly to y, and you may have to do some searching, probably re-implementing Node's module searching algorithm, if you don't know exactly where y could be.
However, the file /app2/bar/index.js can just do require("y") and Node will automatically find the module for it, because that file sits in the directory under which y is installed.
What if, from the file /app1/foo/index.js, you could call require as if you were at the directory /app2/bar? Then you would be able to use Node's module searching automatically.
To achieve this, most other implementations choose to re-implement Node's module searching algorithm.
This module's approach is to tap into Node's module and let it do the work.
$ npm install require-at --save
A single function is exported.
requireAt(dir, [request])
If called with only dir, then it returns a require function that's been bound to the directory dir. You can use it to load any module as if you are at dir.
The returned function also provides require.resolve with the same effect.
If called with dir and a request, then it will load and return the module request as if at dir.
const requireAt = require("require-at");
// get back a require bound to /another/dir
const requireAtAnother = requireAt("/another/dir/");
const modXPath = requireAtAnother.resolve("modX");
const modX = requireAtAnother("modX");
// load modY at /another/yet/dir directly
const modY = requireAt("/another/yet/dir", "modY");
Apache-2.0 © Joel Chen
FAQs
Call require pretending you are at another directory
We found that require-at demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.