Gathering detailed insights and metrics for resolve-from
Gathering detailed insights and metrics for resolve-from
Resolve the path of a module like require.resolve() but from a given path
Installations
npm install resolve-fromDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>=8
Node Version
8.15.0
NPM Version
6.9.0
Score
99.5
Supply Chain
88.5
Quality
75.3
Maintenance
100
Vulnerability
100
License
Languages
2
JavaScript
TypeScript
JavaScript (92.73%)
TypeScript (7.27%)
Developer
sindresorhus
Download Statistics
Total Downloads
18,392,258,827
Last Day
6,687,470
Last Week
108,446,166
Last Month
467,686,389
Last Year
4,588,037,278
GitHub Statistics
MIT License
142 Stars
30 Commits
13 Forks
6 Watchers
1 Branches
7 Contributors
Updated on May 20, 2025
Bundle Size
841.00 B
Minified
435.00 B
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
5.0.0
Package Id
resolve-from@5.0.0
Size
2.28 kB
NPM Version
6.9.0
Node Version
8.15.0
Published on
Apr 15, 2019
Total Downloads
Cumulative downloads
Total Downloads
18,392,258,827
Last Day
-10.1%
6,687,470
Compared to previous day
Last Week
-8.1%
108,446,166
Compared to previous week
Last Month
4%
467,686,389
Compared to previous month
Last Year
16.6%
4,588,037,278
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
resolve-from 
Resolve the path of a module like
require.resolve()but from a given path
Install
$ npm install resolve-from
Usage
1const resolveFrom = require('resolve-from'); 2 3// There is a file at `./foo/bar.js` 4 5resolveFrom('foo', './bar'); 6//=> '/Users/sindresorhus/dev/test/foo/bar.js'
API
resolveFrom(fromDirectory, moduleId)
Like require(), throws when the module can't be found.
resolveFrom.silent(fromDirectory, moduleId)
Returns undefined instead of throwing when the module can't be found.
fromDirectory
Type: string
Directory to resolve from.
moduleId
Type: string
What you would use in require().
Tip
Create a partial using a bound function if you want to resolve from the same fromDirectory multiple times:
1const resolveFromFoo = resolveFrom.bind(null, 'foo'); 2 3resolveFromFoo('./bar'); 4resolveFromFoo('./baz');
Related
- resolve-cwd - Resolve the path of a module from the current working directory
- import-from - Import a module from a given path
- import-cwd - Import a module from the current working directory
- resolve-pkg - Resolve the path of a package regardless of it having an entry point
- import-lazy - Import a module lazily
- resolve-global - Resolve the path of a globally installed module
License
MIT © Sindre Sorhus
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 7/30 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/resolve-from/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/resolve-from/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:23
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More