Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
vite-plugin-commonjs
Advanced tools
A pure JavaScript implementation of CommonJs
English | 简体中文
✅ alias
✅ bare module(node_modules)
✅ dynamic-require similar to 👉 Webpack require('./foo/' + bar)
import commonjs from 'vite-plugin-commonjs'
export default {
plugins: [
commonjs(/* options */),
]
}
export interface CommonjsOptions {
filter?: (id: string) => boolean | undefined
dynamic?: {
/**
* 1. `true` - Match all possibilities as much as possible, more like `webpack`
* 2. `false` - It behaves more like `@rollup/plugin-dynamic-import-vars`
* @default true
*/
loose?: boolean
/**
* If you want to exclude some files
* e.g.
* ```js
* commonjs({
* dynamic: {
* onFiles: files => files.filter(f => f !== 'types.d.ts')
* }
* })
* ```
*/
onFiles?: (files: string[], id: string) => typeof files | undefined
}
advanced?: {
/**
* Custom import module interop behavior.
*
* If you want to fully customize the interop behavior,
* you can pass a function and return the interop code snippet.
*/
importRules?: ImportInteropType | ((id: string) => ImportInteropType | string)
}
}
commonjs({
filter(id) {
// `node_modules` is exclude by default, so we need to include it explicitly
// https://github.com/vite-plugin/vite-plugin-commonjs/blob/v0.7.0/src/index.ts#L125-L127
if (id.includes('node_modules/xxx')) {
return true
}
}
})
✅ require statement
// Top-level scope
const foo = require('foo').default
// ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
import foo from 'foo'
const foo = require('foo')
// ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
import * as foo from 'foo'
const foo = require('foo').bar
// ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
import * as __CJS_import__0__ from 'foo'; const { bar: foo } = __CJS_import__0__
// Non top-level scope
const foo = [{ bar: require('foo').bar }]
↓
import * as __CJS_import__0__ from 'foo'; const foo = [{ bar: __CJS_import__0__.bar }]
✅ exports statement
module.exports = fn() { }
// ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
const __CJS__export_default__ = module.exports = fn() { }
export { __CJS__export_default__ as default }
exports.foo = 'foo'
// ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
const __CJS__export_foo__ = (module.exports == null ? {} : module.exports).foo
export { __CJS__export_foo__ as foo }
✅ dynamic-require statement
We assume that the project structure is as follows
├─┬ src
│ ├─┬ views
│ │ ├─┬ foo
│ │ │ └── index.js
│ │ └── bar.js
│ └── router.js
└── vite.config.js
// router.js
function load(name: string) {
return require(`./views/${name}`)
}
// ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
import * as __dynamic_require2import__0__0 from './views/foo/index.js'
import * as __dynamic_require2import__0__1 from './views/bar.js'
function load(name: string) {
return __matchRequireRuntime0__(`./views/${name}`)
}
function __matchRequireRuntime0__(path) {
switch(path) {
case './views/foo':
case './views/foo/index':
case './views/foo/index.js':
return __dynamic_require2import__0__0;
case './views/bar':
case './views/bar.js':
return __dynamic_require2import__0__1;
default: throw new Error("Cann't found module: " + path);
}
}
FAQs
A pure JavaScript implementation of CommonJs
We found that vite-plugin-commonjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.