require-in-the-middle - npm Package Compare versions

Comparing version 7.1.0 to 7.1.1

index.js

@@ -8,3 +8,2 @@ 'use strict'
 const moduleDetailsFromPath = require('module-details-from-path')
-const assert = require('assert')
 
@@ -57,2 +56,3 @@ // Using the default export is discouraged, but kept for backward compatibility.
 // Exports for built-in (a.k.a. "core") modules are stored in an internal Map.
+//
 // Exports for non-core modules are stored on a private field on the `Module`
@@ -63,5 +63,9 @@ // object in `require.cache`. This allows users to delete from `require.cache`
 // https://nodejs.org/docs/latest/api/all.html#all_modules_requirecache
+//
+// In some special cases -- e.g. some other `require()` hook swapping out
+// `Module._cache` like `@babel/register` -- a non-core module won't be in
+// `require.cache`. In that case this falls back to caching on the internal Map.
 class ExportsCache {
   constructor () {
-    this._exportsFromBuiltinId = new Map()
+    this._localCache = new Map() // <module filename or id> -> <exports>
     this._kRitmExports = Symbol('RitmExports')
@@ -71,7 +75,9 @@ }
   has (filename, isBuiltin) {
-    if (isBuiltin) {
-      return this._exportsFromBuiltinId.has(filename)
-    } else {
+    if (this._localCache.has(filename)) {
+      return true
+    } else if (!isBuiltin) {
       const mod = require.cache[filename]
       return !!(mod && this._kRitmExports in mod)
+    } else {
+      return false
     }
@@ -81,5 +87,6 @@ }
   get (filename, isBuiltin) {
-    if (isBuiltin) {
-      return this._exportsFromBuiltinId.get(filename)
-    } else {
+    const cachedExports = this._localCache.get(filename)
+    if (cachedExports !== undefined) {
+      return cachedExports
+    } else if (!isBuiltin) {
       const mod = require.cache[filename]
@@ -92,6 +99,8 @@ return (mod && mod[this._kRitmExports])
     if (isBuiltin) {
-      this._exportsFromBuiltinId.set(filename, exports)
+      this._localCache.set(filename, exports)
+    } else if (filename in require.cache) {
+      require.cache[filename][this._kRitmExports] = exports
     } else {
-      assert(filename in require.cache, `unexpected that there is no Module entry for "${filename}" in require.cache`)
-      require.cache[filename][this._kRitmExports] = exports
+      debug('non-core module is unexpectedly not in require.cache: "%s"', filename)
+      this._localCache.set(filename, exports)
     }
@@ -98,0 +107,0 @@ }

package.json

 {
   "name": "require-in-the-middle",
-  "version": "7.1.0",
+  "version": "7.1.1",
   "description": "Module to hook into the Node.js require function",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

16109

2.38%

Lines of code

258

3.61%

Worsened metrics

Number of low supply chain risk alerts

6

20%

No dependency changes