Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
require-in-the-middle
Advanced tools
- Version published
- Weekly downloads
- 5M
- increased by0.35%
- Maintainers
- 2
- Install size
- 293 kB
- Created
- Weekly downloads
Package description
What is require-in-the-middle?
The require-in-the-middle package allows for the interception and modification of Node.js module loading. This can be particularly useful for instrumentation, logging, or modifying module behavior at runtime without altering the original module code.
What are require-in-the-middle's main functionalities?
Intercepting module loading
This feature allows you to intercept the loading of specific modules (e.g., 'http') and execute custom logic, such as logging when a module is loaded. The callback function receives the exports of the module, the name of the module, and the base directory.
const hook = require('require-in-the-middle');
hook(['http'], { internals: true }, (exports, name, basedir) => {
console.log(`Module loaded: ${name}`);
return exports;
});Modifying module exports
This demonstrates how to modify the exports of a module, in this case, 'express'. It wraps the original express function in a new function that logs a message every time it is called before proceeding with the original behavior.
const hook = require('require-in-the-middle');
hook(['express'], (exports, name) => {
const originalFunction = exports;
function modifiedFunction() {
console.log('Express function called');
return originalFunction.apply(this, arguments);
}
return modifiedFunction;
});Other packages similar to require-in-the-middle
shimmer
Shimmer is a package for wrapping and replacing Node.js module methods. It is similar to require-in-the-middle in its ability to modify module behavior at runtime, but it focuses more on individual method manipulation rather than intercepting module loading.
proxyquire
Proxyquire allows for the overriding of modules during testing by intercepting 'require' calls. It is similar to require-in-the-middle in that it manipulates module loading, but it is specifically designed for testing scenarios, making it easier to mock modules.
Changelog
v7.3.0
- Module name args passed to a
Hookwill now match against package entry points defined by "exports" in package.json. https://nodejs.org/api/packages.html#package-entry-points (https://github.com/elastic/require-in-the-middle/pull/82)
Readme
require-in-the-middle
Hook into the Node.js require function. This allows you to modify
modules on-the-fly as they are being required.
Installation
npm install require-in-the-middle --save
Usage
const path = require('path')
const { Hook } = require('require-in-the-middle')
// Hook into the express and mongodb module
new Hook(['express', 'mongodb'], function (exports, name, basedir) {
const version = require(path.join(basedir, 'package.json')).version
console.log('loading %s@%s', name, version)
// expose the module version as a property on its exports object
exports._version = version
// whatever you return will be returned by `require`
return exports
})
API
The require-in-the-middle module exposes a single function:
hook = new Hook([modules][, options], onrequire)
When called a hook object is returned.
Arguments:
modules<string[]> An optional array of module names to limit which modules trigger a call of theonrequirecallback. If specified, this must be the first argument. Both regular modules (e.g.react-dom) and sub-modules (e.g.react-dom/server) can be specified in the array.options<Object> An optional object containing fields that change when theonrequirecallback is called. If specified, this must be the second argument.options.internals<boolean> Specifies whetheronrequireshould be called when module-internal files are loaded; defaults tofalse.
onrequire<Function> The function to call when a module is required.
The onrequire callback will be called the first time a module is
required. The function is called with three arguments:
exports<Object> The value of themodule.exportsproperty that would normally be exposed by the required module.name<string> The name of the module being required. Ifoptions.internalswas set totrue, the path of module-internal files that are loaded (relative tobasedir) will be appended to the module name, separated bypath.sep.basedir<string> The directory where the module is located, orundefinedfor core modules.
Return the value you want the module to expose (normally the exports
argument).
hook.unhook()
Removes the onrequire callback so that it will not be triggerd by
subsequent calls to require().
License
FAQs
Module to hook into the Node.js require function
The npm package require-in-the-middle receives a total of 4,043,126 weekly downloads. As such, require-in-the-middle popularity was classified as popular.
We found that require-in-the-middle demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Last updated on 26 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024