Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
static-module
Advanced tools
The static-module npm package is used to statically analyze and transform JavaScript modules at build time. It allows you to replace dynamic code with static code, which can be useful for optimizations and reducing runtime dependencies.
Static Code Replacement
This feature allows you to replace dynamic code with static code. In this example, the `myFunction` from `my-module` is replaced with a static JSON string. This can be useful for optimizing code by removing dynamic parts that are known at build time.
const staticModule = require('static-module');
const through = require('through2');
const sm = staticModule({
'my-module': {
'myFunction': function() {
return JSON.stringify({ key: 'value' });
}
}
}, { vars: { process: { env: { NODE_ENV: 'production' } } } });
process.stdin.pipe(sm).pipe(process.stdout);
Variable Inlining
This feature allows you to inline variables, such as environment variables, into your code. In this example, `process.env.NODE_ENV` is replaced with the string 'production'. This can help in optimizing and simplifying the code by removing runtime checks.
const staticModule = require('static-module');
const through = require('through2');
const sm = staticModule({
'process.env.NODE_ENV': JSON.stringify('production')
});
process.stdin.pipe(sm).pipe(process.stdout);
Browserify is a tool that allows you to use `require` in the browser by bundling up all of your dependencies. It also supports static analysis and transformation of modules, similar to static-module. However, Browserify is more focused on bundling for the browser, whereas static-module is more general-purpose.
Webpack is a module bundler that also supports static analysis and transformation of modules. It is highly configurable and can be used to optimize and transform code at build time. Compared to static-module, Webpack offers a broader range of features and is more commonly used for complex build processes.
Rollup is a module bundler that focuses on ES6 modules and tree-shaking to optimize code. It also supports static analysis and transformation of modules. Rollup is similar to static-module in its ability to perform static transformations, but it is more specialized for ES6 modules and optimizing bundle size.
convert module usage to inline expressions
Here's a simplified version of the brfs module using static-module.
brfs converts fs.readFileSync(file)
calls to inline strings with the contents
of file
included in-place.
var staticModule = require('static-module');
var quote = require('quote-stream');
var fs = require('fs');
var sm = staticModule({
fs: {
readFileSync: function (file) {
return fs.createReadStream(file).pipe(quote());
}
}
}, { vars: { __dirname: __dirname + '/brfs' } });
process.stdin.pipe(sm).pipe(process.stdout);
input:
$ cat brfs/source.js
var fs = require('fs');
var src = fs.readFileSync(__dirname + '/x.txt');
console.log(src);
output:
$ node brfs.js < brfs/source.js
var src = "beep boop\n";
console.log(src);
var staticModule = require('static-module')
Return a transform stream sm
that transforms javascript source input to
javascript source output with each property in the modules
object expanded in
inline form.
Properties in the modules
object can be ordinary values that will be included
directly or functions that will be executed with the statically
evaluated arguments from the source
under an optional set of opts.vars
variables.
Property functions can return streams, in which case their contents will be piped directly into the source output.
Otherwise, the return values of functions will be inlined into the source in place as strings.
Use opts.varModules
to map whitelisted module names to definitions that can be
declared in client code with var
and will appear in static expressions like
opts.vars
.
For example, to make this code with path.join()
work:
var fs = require('fs');
var path = require('path');
var src = fs.readFileSync(path.join(__dirname, 'x.txt'), 'utf8');
console.log(src);
you can do:
var staticModule = require('static-module');
var quote = require('quote-stream');
var fs = require('fs');
var sm = staticModule({
fs: {
readFileSync: function (file) {
return fs.createReadStream(file).pipe(quote());
}
},
varMods: { path: require('path') }
}, { vars: { __dirname: __dirname + '/brfs' } });
process.stdin.pipe(sm).pipe(process.stdout);
With npm do:
npm install static-module
MIT
FAQs
convert module usage to inline expressions
The npm package static-module receives a total of 570,200 weekly downloads. As such, static-module popularity was classified as popular.
We found that static-module demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 40 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.