Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
require-uncached
The require-uncached npm package allows you to require a module while ensuring that it is not cached. This is useful for scenarios where you need to reload a module to get its latest state or changes, such as during testing or dynamic configuration loading.
Require a module without caching
This feature allows you to require a module without it being cached. This means that every time you require the module using require-uncached, it will be freshly loaded, ensuring you get the latest state or changes.

    const requireUncached = require('require-uncached');
    const myModule = requireUncached('./myModule');

The decache package allows you to remove a module from the require cache, forcing it to be reloaded the next time it is required. Unlike require-uncached, which directly requires a module without caching, decache provides a more manual approach where you first decache the module and then require it again.
The clear-require package provides functionality to clear a module from the require cache. Similar to decache, it requires you to manually clear the cache and then require the module again. This package also offers additional features like clearing all modules from the cache.
Require a module bypassing the cache
Useful for testing purposes when you need to freshly require a module.

    $ npm install --save require-uncached

    // foo.js
    let i = 0;
    module.exports = () => ++i;

    const requireUncached = require('require-uncached');

    require('./foo')();
    //=> 1

    require('./foo')();
    //=> 2

    requireUncached('./foo')();
    //=> 1

    requireUncached('./foo')();
    //=> 1

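As an added illustration (not code from require-uncached or its author), the sketch below shows a mechanism such a loader can be built on using Node's built-in `require.resolve` and `require.cache`. It also shows an edge case: only the named module is evicted, so a dependency it requires keeps its cached state across fresh loads. `loadFresh`, `demo` and the temp-file modules are constructed for this example.

```javascript
// Added example: mechanism sketch using only Node built-ins (CommonJS).
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper: load a module fresh by evicting its require.cache entry.
function loadFresh(file) {
  const id = require.resolve(file); // cache keys are resolved absolute filenames
  delete require.cache[id];         // evicts only this module, not its dependencies
  return require(id);               // the module's top-level code runs again
}

// Constructed sample modules, written to a temp directory so this runs offline.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fresh-'));
  fs.writeFileSync(
    path.join(dir, 'dep.js'),
    'let n = 0;\nmodule.exports = () => ++n;\n'
  );
  fs.writeFileSync(
    path.join(dir, 'foo.js'),
    "const dep = require('./dep');\n" +
    'let i = 0;\n' +
    'module.exports = () => ({ i: ++i, dep: dep() });\n'
  );
  const foo = path.join(dir, 'foo.js');

  const results = {
    cached1: require(foo)(),   // first load: foo.js and dep.js both execute
    cached2: require(foo)(),   // cached: foo's counter keeps counting
    fresh1: loadFresh(foo)(),  // foo.js re-executed, dep.js still cached
    fresh2: loadFresh(foo)(),  // same again: foo resets, dep keeps counting
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

If a reloaded module is meant to pick up changed configuration, anything it pulls in through its own `require` calls needs the same treatment, or the stale cached copy is what it sees.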
MIT © Sindre Sorhus
FAQs
The npm package require-uncached receives a total of 659,654 weekly downloads. As such, require-uncached is classified as a popular package.
We found that require-uncached has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.