Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
By Olivia Brown - Apr 30, 2025
📅 You're Invited: Meet the Socket team at RSAC (April 28 – May 1).RSVP →
requireg 
Require and resolve global modules in node.js like a boss.
Differences with require()
requireg tries to find modules in global locations which are
not natively supported by the node.js module resolve algorithm.
It support both npm/yarn global packages installation paths.
Supported locations:
- $HOME/node_modules (instead of $HOME/.node_modules)
- $HOME/node_libraries (instead of $HOME/.node_libraries)
- $HOME/node_packages (specific of
requireg) - $PREFIX/lib/node_modules (instead of $PREFIX/lib/node)
- $NODE_MODULES (use the specific modules path environment variable)
Resolution priority
- Resolve via native
require()(unless second parameter is true) - User home directory (
$HOMEor%USERPROFILE%) - Node installation path
- $NODE_MODULES (can have different multiple paths, semicolon separated)
- Common operative system installation paths
Installation
$ npm install requireg --save[-dev]
$ yarn add requireg
API
requireg(path: string, onlyGlobal: boolean = false)
Usage
Load global modules
var requireg = require('requireg')
// require a globally installed package
var npm = requireg('npm')
Load only global modules
var requireg = require('requireg')
// require a globally installed package and skip local packages
var eslint = requireg('eslint', true)
Resolve module path
var modulePath = requireg.resolve('npm')
// returns '/usr/local/lib/node_modules/npm/lib/npm.js'
Globalize it
require('requireg').globalize()
Now it is globally available from any source file
var globalModule = requireg('npm')
Module not found
requireg maintains the same behavior as the native require().
It will throw an Error exception if the module was not found
Considerations
- Require global modules in node.js is considered anti-pattern.
Note that you can experiment unreliability or inconsistency across different environments.
I hope you know exactly what you do with
requireg - Only node packages installed with npm or yarn are supported (which means only standardized NPM paths are supported)
Possible extra features
- Custom environment variable with custom path to resolve global modules.
License
Released under MIT license
FAQs
Require and resolve global modules like a boss
The npm package requireg receives a total of 1,076,422 weekly downloads. As such, requireg popularity was classified as popular.
We found that requireg demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 May 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
A New Overview in our Dashboard
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
By André Staltz - Apr 29, 2025
Product
Introducing Socket Fix for Safe, Automated Dependency Upgrades
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.
By John-David Dalton - Apr 25, 2025