vite-node
Advanced tools
The vite-node package is a tool that allows you to run Node.js scripts with Vite's native ES modules support, providing features such as hot module replacement (HMR) and TypeScript support out of the box. It is designed to work with Vite's ecosystem and can be used for tasks like server-side rendering (SSR) and testing.
Running Node.js scripts with ES modules
This feature allows you to run Node.js scripts that use ES module syntax, leveraging Vite's module resolution and transformation capabilities.
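import { createServer } from 'vite';
// createServer comes from Vite itself and returns a promise
const server = await createServer({
  // Vite's options here
});
// Register the entry in Vite's module graph
await server.moduleGraph.ensureEntryFromUrl('/path/to/your/module.js');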
Hot Module Replacement (HMR)
vite-node supports HMR, enabling developers to have a more interactive development experience by automatically reloading modules when changes are detected.
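import { createServer } from 'vite';
const server = await createServer({
  // Vite's options here
});
server.watcher.on('change', (file) => {
  // invalidateModule() expects module nodes, so look them up by file path first
  const mods = server.moduleGraph.getModulesByFile(file) ?? [];
  for (const mod of mods) {
    server.moduleGraph.invalidateModule(mod);
  }
});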
TypeScript support
With vite-node, you can run TypeScript files directly without pre-compilation, as it integrates with Vite's built-in TypeScript support.
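import { createServer } from 'vite';
// createServer comes from Vite itself and returns a promise
const server = await createServer({
  // Vite's options here
});
// Register the TypeScript entry in Vite's module graph
await server.moduleGraph.ensureEntryFromUrl('/path/to/your/typescript-module.ts');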
ts-node is a TypeScript execution engine and REPL for Node.js. It allows you to run TypeScript files directly in Node.js without pre-compiling them. Unlike vite-node, ts-node does not provide HMR and is not integrated with Vite's ecosystem.
esbuild-runner enables you to run scripts using ESBuild, which is a fast JavaScript bundler and minifier. It provides fast compilation but does not offer HMR or the same level of integration with Vite's development server and features.
babel-node is part of the Babel toolchain and allows you to run Node.js scripts with Babel's support for the latest JavaScript syntax. It is similar to vite-node in that it supports modern JavaScript features, but it does not have built-in HMR or the optimizations provided by Vite.
Vite as Node runtime.
The engine that powers Vitest and Nuxt 3 Dev SSR.
vite.config.ts
await
__dirname and __filename in ESM
fs, path, etc.
Run JS/TS file on Node.js using Vite's resolvers and transformers.
npx vite-node index.ts
Options:
npx vite-node -h
All ViteNodeServer options are supported by the CLI. They may be defined through the dot syntax, as shown below:
npx vite-node --options.deps.inline="module-name" --options.deps.external="/module-regexp/" index.ts
Note that for options supporting RegExps, strings passed to the CLI must start and end with a /.
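The dot syntax and the RegExp rule above can be pictured with a small parser. This is an added example, not vite-node's own CLI code: `parseDotOptions` and `toPattern` are hypothetical names, and building the RegExp from the text between the slashes is an assumption of the sketch. It also refuses `__proto__`-style path segments, a guard any dot-path option parser needs against prototype pollution.

```javascript
// Added illustration, not vite-node's implementation.
// The shell has already removed quotes, so --options.deps.inline="module-name"
// arrives in argv as --options.deps.inline=module-name.

// Assumption: a value is a RegExp only if it starts AND ends with "/".
function toPattern(value) {
  if (value.length > 2 && value.startsWith('/') && value.endsWith('/')) {
    return new RegExp(value.slice(1, -1));
  }
  return value; // plain string, matched literally
}

const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype', '']);

function parseDotOptions(argv) {
  const root = Object.create(null); // no inherited keys to collide with
  const files = [];
  for (const arg of argv) {
    const m = /^--([\w.]+)=(.*)$/.exec(arg);
    if (!m) { files.push(arg); continue; } // anything else is positional here
    const keys = m[1].split('.');
    if (keys.some((k) => FORBIDDEN.has(k))) {
      throw new Error(`refusing option path: ${m[1]}`);
    }
    let node = root;
    for (const key of keys.slice(0, -1)) {
      if (!(key in node)) node[key] = Object.create(null);
      node = node[key];
      // Only containers created above have a null prototype.
      if (Object.getPrototypeOf(node) !== null) {
        throw new Error(`option path collides with a value: ${m[1]}`);
      }
    }
    const leaf = keys[keys.length - 1];
    const value = toPattern(m[2]);
    // A repeated flag accumulates into an array.
    node[leaf] = leaf in node ? [].concat(node[leaf], value) : value;
  }
  return { options: root.options ?? {}, files };
}

// Constructed argv mirroring the command line shown above.
const demo = parseDotOptions([
  '--options.deps.inline=module-name',
  '--options.deps.external=/module-regexp/',
  'index.ts',
]);
console.log(demo.options.deps, demo.files);
```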
If you prefer to write scripts that don't need to be passed into Vite Node, you can declare it in the hashbang.
Simply add #!/usr/bin/env vite-node --script at the top of your file:
file.ts
#!/usr/bin/env vite-node --script
console.log('argv:', process.argv.slice(2))
And make the file executable:
chmod +x ./file.ts
Now, you can run the file without passing it into Vite Node:
$ ./file.ts hello
argv: [ 'hello' ]
Note that when using the --script option, Vite Node forwards every argument and option to the script to execute, even the ones supported by Vite Node itself.
In Vite Node, the server and runner (client) are separated, so you can integrate them in different contexts (workers, cross-process, or remote) if needed. The demo below shows a simple example of having both (server and runner) running in the same context:
import { createServer } from 'vite'
import { ViteNodeRunner } from 'vite-node/client'
import { ViteNodeServer } from 'vite-node/server'
import { installSourcemapsSupport } from 'vite-node/source-map'

// create vite server
const server = await createServer({
  optimizeDeps: {
    // It's recommended to disable deps optimization
    disabled: true,
  },
})
// this is needed to initialize the plugins
await server.pluginContainer.buildStart({})

// create vite-node server
const node = new ViteNodeServer(server)

// fixes stacktraces in Errors
installSourcemapsSupport({
  getSourceMap: source => node.getSourceMap(source),
})

// create vite-node runner
const runner = new ViteNodeRunner({
  root: server.config.root,
  base: server.config.base,
  // when having the server and runner in a different context,
  // you will need to handle the communication between them
  // and pass to this function
  fetchModule(id) {
    return node.fetchModule(id)
  },
  resolveId(id, importer) {
    return node.resolveId(id, importer)
  },
})

// execute the file
await runner.executeFile('./example.ts')

// close the vite server
await server.close()
Sometimes you might want to inspect the transformed code to investigate issues. You can set the environment variable VITE_NODE_DEBUG_DUMP=true to let vite-node write the transformed result of each module under .vite-node/dump.
If you want to debug by modifying the dumped code, you can change the value of VITE_NODE_DEBUG_DUMP to load, and vite-node will search for the dumped files and use them for executing.
VITE_NODE_DEBUG_DUMP=load vite-node example.ts
Or programmatically:
import { ViteNodeServer } from 'vite-node/server'

// viteServer is the Vite dev server created beforehand
const server = new ViteNodeServer(viteServer, {
  debug: {
    dumpModules: true,
    loadDumppedModules: true,
  },
})
If the process gets stuck, it might be because there are unresolvable circular dependencies. You can set VITE_NODE_DEBUG_RUNNER=true for vite-node to warn about this.
VITE_NODE_DEBUG_RUNNER=true vite-node example.ts
Or programmatically:
import { ViteNodeRunner } from 'vite-node/client'

const runner = new ViteNodeRunner({
  debug: true,
})
Based on @pi0's brilliant idea of having a Vite server as the on-demand transforming service for Nuxt's Vite SSR.
Thanks @brillout for kindly sharing this package name.
MIT License © 2021 Anthony Fu
FAQs
Vite as Node.js runtime
The npm package vite-node receives a total of 3,543,196 weekly downloads. As such, vite-node popularity was classified as popular.
We found that vite-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.