sandboxed-module
Advanced tools
A sandboxed Node.js module loader that lets you inject dependencies into your modules.
A sandboxed node.js module loader that lets you inject dependencies into your modules.
npm install sandboxed-module
var SandboxedModule = require('sandboxed-module');
var user = SandboxedModule.require('./user', {
requires: {'mysql': {fake: 'mysql module'}},
globals: {myGlobal: 'variable'},
locals: {myLocal: 'other variable'},
});
This module is intended to ease dependency injection for unit testing. However, feel free to use it for whatever crimes you can think of.
Returns a new SandboxedModule where moduleId is a regular module path / id
as you would normally pass into require(). The new module will be loaded in
its own v8 context, but otherwise have access to the normal node.js
environment.
options is an optional object that can be used to inject any of the
following:
requires: An object containing moduleIds and the values to inject for
them when required by the sandboxed module. This does not affect children
of the sandboxed module.globals: An object of global variables to inject into the sandboxed module.locals: An object of local variables to inject into the sandboxed module.sourceTransformers: An object of named functions to transform the source code of
the sandboxed module's file (e.g. transpiler language, code coverage).singleOnly: If false, modules that are required by the sandboxed module will not
be sandboxed. By default all modules required by the sandboxedModule will be sandboxed
using the same options that were used for the original sandboxed module.sourceTransformersSingleOnly: If false, the source transformers will not be run against
modules required by the sandboxed module. By default it will take the same value as
singleOnly.Identical to SandboxedModule.load(), but returns sandboxedModule.exports
directly.
Sets options globally across all uses of SandboxedModule.load() and
SandboxedModule.require(). This way, a commonly needed require, global, local,
or sourceTransformer can be specified once across all sandboxed modules.
Enables a built-in source transformer by name. Currently, SandboxedModule ships with two built in source transformers:
require('coffee-script').register() or require('coffee-script/register') as well.For example, if you'd like to use SandboxedModule in conjunction with istanbul,
just run SandboxedModule.registerBuiltInSourceTransformer('istanbul').
The full path to the module.
The underlaying node.js Module instance.
A getter returning the sandboxedModule.module.exports object.
The global object of the v8 context this module was loaded in. Modifications to this object will be reflected in the sandboxed module.
The local variables injected into the sandboxed module using a closure. Modifying this object has no effect on the state of the sandbox.
An object holding a list of all module required by the sandboxed module itself.
The keys are the moduleIds used for the require calls.
An object of named functions which will transform the source code required with
SandboxedModule.require. For example, CoffeeScript &
istanbul support is implemented with
built-in sourceTransformer functions (see #registerBuiltInSourceTransformer).
A source transformer receives the source (as it's been transformed thus far) and must return the transformed source (whether it's changed or unchanged).
An example source transformer to change all instances of the number "3" to "5" would look like this:
SandboxedModule.require('../fixture/baz', {
sourceTransformers: {
turn3sInto5s: function(source) {
return source.replace(/3/g,'5');
}
}
})
sandboxed-module is licensed under the MIT license.
FAQs
A sandboxed Node.js module loader that lets you inject dependencies into your modules.
The npm package sandboxed-module receives a total of 5,524 weekly downloads. As such, sandboxed-module popularity was classified as popular.
We found that sandboxed-module demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub postponed a new billing model for self-hosted Actions after developer pushback, but moved forward with hosted runner price cuts on January 1.
Research
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
Security News
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.