
sandboxed-module
A sandboxed Node.js module loader that lets you inject dependencies into your modules.
npm install sandboxed-module
var SandboxedModule = require('sandboxed-module');
var user = SandboxedModule.require('./user', {
  requires: {'mysql': {fake: 'mysql module'}},
  globals: {myGlobal: 'variable'},
  locals: {myLocal: 'other variable'},
});
This module is intended to ease dependency injection for unit testing. However, feel free to use it for whatever crimes you can think of.
Returns a new SandboxedModule where moduleId is a regular module path / id as you would normally pass into require(). The new module will be loaded in its own v8 context, but otherwise have access to the normal node.js environment.
options is an optional object that can be used to inject any of the following:
requires: An object containing moduleIds and the values to inject for them when required by the sandboxed module. This does not affect children of the sandboxed module.
globals: An object of global variables to inject into the sandboxed module.
locals: An object of local variables to inject into the sandboxed module.
sourceTransformers: An object of named functions to transform the source code of the sandboxed module's file (e.g. transpiler language, code coverage).
singleOnly: If false, modules that are required by the sandboxed module will not be sandboxed. By default all modules required by the sandboxedModule will be sandboxed using the same options that were used for the original sandboxed module.
sourceTransformersSingleOnly: If false, the source transformers will not be run against modules required by the sandboxed module. By default it will take the same value as singleOnly.
Identical to SandboxedModule.load(), but returns sandboxedModule.exports directly.
Sets options globally across all uses of SandboxedModule.load() and SandboxedModule.require(). This way, a commonly needed require, global, local, or sourceTransformer can be specified once across all sandboxed modules.
Enables a built-in source transformer by name. Currently, SandboxedModule ships with two built-in source transformers:
require('coffee-script').register() or require('coffee-script/register') as well.
For example, if you'd like to use SandboxedModule in conjunction with istanbul, just run SandboxedModule.registerBuiltInSourceTransformer('istanbul').
The full path to the module.
The underlying node.js Module instance.
A getter returning the sandboxedModule.module.exports object.
The global object of the v8 context this module was loaded in. Modifications to this object will be reflected in the sandboxed module.
The local variables injected into the sandboxed module using a closure. Modifying this object has no effect on the state of the sandbox.
An object holding a list of all modules required by the sandboxed module itself. The keys are the moduleIds used for the require calls.
An object of named functions which will transform the source code required with SandboxedModule.require. For example, CoffeeScript & istanbul support is implemented with built-in sourceTransformer functions (see #registerBuiltInSourceTransformer).
A source transformer receives the source (as it's been transformed thus far) and must return the transformed source (whether it's changed or unchanged).
An example source transformer to change all instances of the number "3" to "5" would look like this:
SandboxedModule.require('../fixture/baz', {
  sourceTransformers: {
    turn3sInto5s: function(source) {
      return source.replace(/3/g,'5');
    }
  }
})
sandboxed-module is licensed under the MIT license.
FAQs
The npm package sandboxed-module receives a total of 12,054 weekly downloads. As such, sandboxed-module popularity was classified as popular.
We found that sandboxed-module demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.