Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
resolve like require.resolve() on behalf of files asynchronously and synchronously
The resolve npm package is a module for resolving file paths within a project. It is particularly useful for resolving the path of a module as Node.js would, taking into account node_modules folders and the package.json file. It can be used both programmatically and as a command-line tool.
Asynchronously resolve the path of a module
This feature allows you to asynchronously find the path of a module from a given base directory. The callback receives the resolved path or an error if the module cannot be found.
const resolve = require('resolve');
resolve('module_name', { basedir: '/some/path' }, function (err, res) {
if (err) console.error(err);
else console.log(res);
});
Synchronously resolve the path of a module
This feature allows you to synchronously find the path of a module from a given base directory. It either returns the resolved path or throws an error if the module cannot be found.
const resolve = require('resolve');
try {
const res = resolve.sync('module_name', { basedir: '/some/path' });
console.log(res);
} catch (err) {
console.error(err);
}
Resolve a module with custom package filter
This feature allows you to specify a custom filter function to modify the package data before the resolution process. This can be useful for redirecting the main entry point of a package.
const resolve = require('resolve');
const opts = {
packageFilter: function (pkg) {
if (pkg.main) {
pkg.main = 'some-other-file.js';
}
return pkg;
}
};
resolve('module_name', opts, function (err, res) {
if (err) console.error(err);
else console.log(res);
});
Command-line interface
The resolve package also provides a command-line interface (CLI) that can be used to resolve the path of a module from the command line.
$ resolve module_name --basedir=/some/path
enhanced-resolve is a library that offers more advanced resolution options and plugins, similar to webpack's resolver. It is more complex and configurable compared to resolve.
browser-resolve is a resolve algorithm that takes browser field in package.json into account. It is similar to resolve but is specifically designed for browser environments.
require-resolve is a package that mimics node's require.resolve function. It is similar to resolve but focuses on mimicking the behavior of Node.js's native require.resolve method.
implements the node require.resolve()
algorithm
such that you can require.resolve()
on behalf of a file asynchronously and
synchronously
asynchronously resolve:
var resolve = require('resolve');
resolve('tap', { basedir: __dirname }, function (err, res) {
if (err) console.error(err)
else console.log(res)
});
$ node example/async.js
/home/substack/projects/node-resolve/node_modules/tap/lib/main.js
synchronously resolve:
var resolve = require('resolve');
var res = resolve.sync('tap', { basedir: __dirname });
console.log(res);
$ node example/sync.js
/home/substack/projects/node-resolve/node_modules/tap/lib/main.js
var resolve = require('resolve')
Asynchronously resolve the module path string pkg
into cb(err, res)
.
options are:
opts.basedir - directory to begin resolving from
opts.package - package from which module is being loaded
opts.extensions - array of file extensions to search in order
opts.readFile - how to read files asynchronously
opts.isFile - function to asynchronously test whether a file exists
opts.packageFilter - transform the parsed package.json contents before looking at the "main" field
opts.paths - require.paths array to use if nothing is found on the normal node_modules recursive walk (probably don't use this)
opts.moduleDirectory - directory (or directories) to recursively look for modules in. default:
"node_modules"
default opts
values:
{
paths: [],
basedir: __dirname,
extensions: [ '.js' ],
readFile: fs.readFile,
isFile: function (file, cb) {
fs.stat(file, function (err, stat) {
if (err && err.code === 'ENOENT') cb(null, false)
else if (err) cb(err)
else cb(null, stat.isFile())
});
},
moduleDirectory: 'node_modules'
}
Synchronously resolve the module path string pkg
, returning the result and
throwing an error when pkg
can't be resolved.
options are:
opts.basedir - directory to begin resolving from
opts.extensions - array of file extensions to search in order
opts.readFile - how to read files synchronously
opts.isFile - function to synchronously test whether a file exists
opts.packageFilter - transform the parsed package.json contents before looking at the "main" field
opts.paths - require.paths array to use if nothing is found on the normal node_modules recursive walk (probably don't use this)
opts.moduleDirectory - directory (or directories) to recursively look for modules in. default:
"node_modules"
default opts
values:
{
paths: [],
basedir: __dirname,
extensions: [ '.js' ],
readFileSync: fs.readFileSync,
isFile: function (file) {
try { return fs.statSync(file).isFile() }
catch (e) { return false }
},
moduleDirectory: 'node_modules'
}
Return whether a package is in core.
With npm do:
npm install resolve
MIT
FAQs
resolve like require.resolve() on behalf of files asynchronously and synchronously
The npm package resolve receives a total of 14,577,491 weekly downloads. As such, resolve popularity was classified as popular.
We found that resolve demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.