Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
vite-node
Advanced tools
The vite-node package is a tool that allows you to run Node.js scripts with Vite's native ES modules support, providing features such as hot module replacement (HMR) and TypeScript support out of the box. It is designed to work with Vite's ecosystem and can be used for tasks like server-side rendering (SSR) and testing.
Running Node.js scripts with ES modules
This feature allows you to run Node.js scripts that use ES module syntax, leveraging Vite's module resolution and transformation capabilities.
import { createServer } from 'vite-node/server';
const server = createServer({
// Vite's options here
});
server.moduleGraph.ensureEntryFromUrl('/path/to/your/module.js');
Hot Module Replacement (HMR)
vite-node supports HMR, enabling developers to have a more interactive development experience by automatically reloading modules when changes are detected.
import { createServer } from 'vite-node/server';
const server = createServer({
// Vite's options here
});
server.watcher.on('change', (file) => {
server.moduleGraph.invalidateModule(file);
});
TypeScript support
With vite-node, you can run TypeScript files directly without pre-compilation, as it integrates with Vite's built-in TypeScript support.
import { createServer } from 'vite-node/server';
const server = createServer({
// Vite's options here
});
server.moduleGraph.ensureEntryFromUrl('/path/to/your/typescript-module.ts');
ts-node is a TypeScript execution engine and REPL for Node.js. It allows you to run TypeScript files directly in Node.js without pre-compiling them. Unlike vite-node, ts-node does not provide HMR and is not integrated with Vite's ecosystem.
esbuild-runner enables you to run scripts using ESBuild, which is a fast JavaScript bundler and minifier. It provides fast compilation but does not offer HMR or the same level of integration with Vite's development server and features.
babel-node is part of the Babel toolchain and allows you to run Node.js scripts with Babel's support for the latest JavaScript syntax. It is similar to vite-node in that it supports modern JavaScript features, but it does not have built-in HMR or the optimizations provided by Vite.
Vite as Node runtime.
The engine powers Vitest and Nuxt 3 Dev SSR.
vite.config.ts
await
__dirname
and __filename
in ESMfs
, path
, etc.Run JS/TS file on Node.js using Vite's resolvers and transformers.
npx vite-node index.ts
Options:
npx vite-node -h
All ViteNodeServer
options are supported by the CLI. They may be defined through the dot syntax, as shown below:
npx vite-node --options.deps.inline="module-name" --options.deps.external="/module-regexp/" index.ts
Note that for options supporting RegExps, strings passed to the CLI must start and end with a /
;
If you prefer to write scripts that don't need to be passed into Vite Node, you can declare it in the hashbang.
Simply add #!/usr/bin/env vite-node --script
at the top of your file:
file.ts
#!/usr/bin/env vite-node --script
console.log('argv:', process.argv.slice(2))
And make the file executable:
chmod +x ./file.ts
Now, you can run the file without passing it into Vite Node:
$ ./file.ts hello
argv: [ 'hello' ]
Note that when using the --script
option, Vite Node forwards every argument and option to the script to execute, even the one supported by Vite Node itself.
In Vite Node, the server and runner (client) are separated, so you can integrate them in different contexts (workers, cross-process, or remote) if needed. The demo below shows a simple example of having both (server and runner) running in the same context
import { createServer } from 'vite'
import { ViteNodeServer } from 'vite-node/server'
import { ViteNodeRunner } from 'vite-node/client'
import { installSourcemapsSupport } from 'vite-node/source-map'
// create vite server
const server = await createServer({
optimizeDeps: {
// It's recommended to disable deps optimization
disabled: true,
},
})
// this is need to initialize the plugins
await server.pluginContainer.buildStart({})
// create vite-node server
const node = new ViteNodeServer(server)
// fixes stacktraces in Errors
installSourcemapsSupport({
getSourceMap: source => node.getSourceMap(source),
})
// create vite-node runner
const runner = new ViteNodeRunner({
root: server.config.root,
base: server.config.base,
// when having the server and runner in a different context,
// you will need to handle the communication between them
// and pass to this function
fetchModule(id) {
return node.fetchModule(id)
},
resolveId(id, importer) {
return node.resolveId(id, importer)
},
})
// execute the file
await runner.executeFile('./example.ts')
// close the vite server
await server.close()
Sometimes you might want to inspect the transformed code to investigate issues. You can set environment variable VITE_NODE_DEBUG_DUMP=true
to let vite-node write the transformed result of each module under .vite-node/dump
.
If you want to debug by modifying the dumped code, you can change the value of VITE_NODE_DEBUG_DUMP
to load
and search for the dumpped files and use them for executing.
VITE_NODE_DEBUG_DUMP=load vite-node example.ts
Or programmatically:
import { ViteNodeServer } from 'vite-node/server'
const server = new ViteNodeServer(viteServer, {
debug: {
dumpModules: true,
loadDumppedModules: true,
}
})
If the process get stuck, it might because there is a unresolvable circular dependencies, you can set VITE_NODE_DEBUG_RUNNER=true
to vite-node warn about it.
VITE_NODE_DEBUG_RUNNER=true vite-node example.ts
Or programmatically:
import { ViteNodeRunner } from 'vite-node/client'
const runner = new ViteNodeRunner({
debug: true
})
Based on @pi0's brilliant idea of having a Vite server as the on-demand transforming service for Nuxt's Vite SSR.
Thanks @brillout for kindly sharing this package name.
MIT License © 2021 Anthony Fu
FAQs
Vite as Node.js runtime
The npm package vite-node receives a total of 3,392,344 weekly downloads. As such, vite-node popularity was classified as popular.
We found that vite-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.