Gathering detailed insights and metrics for require-in-the-middle
Gathering detailed insights and metrics for require-in-the-middle
Module to hook into the Node.js require function
Installations
npm install require-in-the-middleReleases
Unable to fetch releases
Developer
elastic
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=8.6.0
Typescript Support
Yes
Node Version
22.5.1
NPM Version
10.8.2
Statistics
169 Stars
116 Commits
26 Forks
16 Watching
5 Branches
85 Contributors
Updated on 18 Nov 2024
Bundle Size
33.12 kB
Minified
9.13 kB
Minified + Gzipped
Languages
JavaScript (94.56%)
Makefile (4.94%)
TypeScript (0.49%)
Total Downloads
Cumulative downloads
Total Downloads
755,925,358
Last day
-1.4%
1,489,311
Compared to previous day
Last week
2.4%
7,950,473
Compared to previous week
Last month
12.9%
32,641,432
Compared to previous month
Last year
43.7%
304,085,293
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
require-in-the-middle
Hook into the Node.js require function. This allows you to modify
modules on-the-fly as they are being required.
Also supports hooking into calls to process.getBuiltinModule(), which was introduced in Node.js v22.3.0.
Installation
npm install require-in-the-middle --save
Usage
1const path = require('path') 2const { Hook } = require('require-in-the-middle') 3 4// Hook into the express and mongodb module 5new Hook(['express', 'mongodb'], function (exports, name, basedir) { 6 const version = require(path.join(basedir, 'package.json')).version 7 8 console.log('loading %s@%s', name, version) 9 10 // expose the module version as a property on its exports object 11 exports._version = version 12 13 // whatever you return will be returned by `require` 14 return exports 15})
API
The require-in-the-middle module exposes a single function:
hook = new Hook([modules][, options], onrequire)
When called a hook object is returned.
Arguments:
modules<string[]> An optional array of module names to limit which modules trigger a call of theonrequirecallback. If specified, this must be the first argument. Both regular modules (e.g.react-dom) and sub-modules (e.g.react-dom/server) can be specified in the array.options<Object> An optional object containing fields that change when theonrequirecallback is called. If specified, this must be the second argument.options.internals<boolean> Specifies whetheronrequireshould be called when module-internal files are loaded; defaults tofalse.
onrequire<Function> The function to call when a module is required.
The onrequire callback will be called the first time a module is
required. The function is called with three arguments:
exports<Object> The value of themodule.exportsproperty that would normally be exposed by the required module.name<string> The name of the module being required. Ifoptions.internalswas set totrue, the path of module-internal files that are loaded (relative tobasedir) will be appended to the module name, separated bypath.sep.basedir<string> The directory where the module is located, orundefinedfor core modules.
Return the value you want the module to expose (normally the exports
argument).
hook.unhook()
Removes the onrequire callback so that it will not be triggerd by
subsequent calls to require() or process.getBuiltinModule().
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/elastic/.github/SECURITY.md:1
- Info: Found linked content: github.com/elastic/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/elastic/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/elastic/.github/SECURITY.md:1
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is not required on branch 'main'
- Warn: 'last push approval' is disabled on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
Found 13/28 approved changesets -- score normalized to 4
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/require-in-the-middle/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/require-in-the-middle/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/require-in-the-middle/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/require-in-the-middle/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:34
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:22
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Score
4.9
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More