Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
use-lazy-module-federation
Advanced tools
use-lazy-module-federation
1.Reason
This project is to make Micro FE with Module Federation become easier to use
This project was inspire from this sample to load dynamic remote module advanced-api/dynamic-remotes from Creator of Module Federation
But it's still complex to understand all the mechanism to load remote module, so I create this hook to wrap that complex mechanism
2.Setup Module Federation
- To use Module Federation, you webpack version must >= 5
2.1.If your project running in webpack
- go to
webpack.config.js - add these config to
pluginspart:
const ModuleFederationPlugin = require('webpack').container.ModuleFederationPlugin
module.exports = {
// ...
plugins: [
// ...
new ModuleFederationPlugin({
name: "home",
filename: "remoteEntry.js",
shared: [
{
react: { singleton: true, eager: true },
"react-dom": { singleton: true, eager: true }
}
]
}),
],
};
2.2.If your project running in cra
- install react-app-rewired
yarn add -D react-app-rewired react-app-rewiredwill merge your override config with the default webpack config from cra and you can inject your additional settings- add file
config-overrides.jswith these content:
const ModuleFederationPlugin = require('webpack').container.ModuleFederationPlugin
module.exports = function override(config, env) {
config.plugins = config.plugins || []
config.plugins.push(
new ModuleFederationPlugin({
name: "home",
filename: "remoteEntry.js",
shared: [
{
react: { singleton: true, eager: true },
"react-dom": { singleton: true, eager: true }
}
]
}),
)
return config;
}
- adjust your running script, replace
react-scriptswithreact-app-rewired
"scripts": {
"dev": "react-app-rewired start",
"build": "react-app-rewired build",
"start": "serve -s build -l 3000",
"test": "react-app-rewired test",
"eject": "react-scripts eject"
},
3.Setup this hook and complete setup
yarn add -D use-lazy-module-federation
4.Coding
import { useLazyModuleFederation } from "use-lazy-module-federation";
type RemoteComponentProps = {
title?: string
}
export default function Container() {
const { Component: RemoteComponent, errorLoading } = useLazyModuleFederation<RemoteComponentProps>({
url: 'http://localhost:3003/remoteEntry.js',
scope: 'app3',
module: './Widget',
});
return (
<>
<Suspense fallback="Loading System">
{errorLoading
? `Error loading module "${module}"`
: RemoteComponent && <RemoteComponent title="hello" />}
</Suspense>
</>
)
}
5.Demo
Happy coding ♥
FAQs
## 1.Reason
We found that use-lazy-module-federation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Jun 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025