├── .npmrc ├── .gitattributes ├── .gitignore ├── test ├── fixture │ ├── node_modules │ │ └── foo │ │ │ ├── index.js │ │ │ └── package.json │ ├── package.json │ └── project │ │ ├── package.json │ │ └── index.js └── test.js ├── .editorconfig ├── .github └── workflows │ └── main.yml ├── package.json ├── license ├── index.js └── readme.md /.npmrc: -------------------------------------------------------------------------------- 1 | package-lock=false 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules 2 | yarn.lock 3 | -------------------------------------------------------------------------------- /test/fixture/node_modules/foo/index.js: -------------------------------------------------------------------------------- 1 | console.log('foo'); 2 | -------------------------------------------------------------------------------- /test/fixture/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "fixture" 3 | } 4 | -------------------------------------------------------------------------------- /test/fixture/project/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "project" 3 | } 4 | -------------------------------------------------------------------------------- /test/fixture/node_modules/foo/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "foo" 3 | } 4 | -------------------------------------------------------------------------------- /test/fixture/project/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | require('../../..')(module); 3 | require('foo'); 4 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | indent_style = tab 5 | end_of_line = lf 6 | charset = utf-8 7 | trim_trailing_whitespace = true 8 | insert_final_newline = true 9 | 10 | [*.yml] 11 | indent_style = space 12 | indent_size = 2 13 | -------------------------------------------------------------------------------- /test/test.js: -------------------------------------------------------------------------------- 1 | import test from 'ava'; 2 | import execa from 'execa'; 3 | 4 | test('main', async t => { 5 | const {stderr} = await execa(process.execPath, ['test/fixture/project'], {reject: false}); 6 | t.regex(stderr, /Cannot find module 'foo'/); 7 | }); 8 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | on: 3 | - push 4 | - pull_request 5 | jobs: 6 | test: 7 | name: Node.js ${{ matrix.node-version }} 8 | runs-on: ubuntu-latest 9 | strategy: 10 | fail-fast: false 11 | matrix: 12 | node-version: 13 | - 14 14 | - 12 15 | - 10 16 | - 8 17 | - 6 18 | steps: 19 | - uses: actions/checkout@v2 20 | - uses: actions/setup-node@v1 21 | with: 22 | node-version: ${{ matrix.node-version }} 23 | - run: npm install 24 | - run: npm test 25 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "strict-import", 3 | "version": "0.2.0", 4 | "description": "Prevent `require` from searching upwards for required modules", 5 | "license": "MIT", 6 | "repository": "sindresorhus/strict-import", 7 | "author": { 8 | "name": "Sindre Sorhus", 9 | "email": "sindresorhus@gmail.com", 10 | "url": "sindresorhus.com" 11 | }, 12 | "engines": { 13 | "node": ">=6" 14 | }, 15 | "scripts": { 16 | "test": "xo && ava test/test.js" 17 | }, 18 | "files": [ 19 | "index.js" 20 | ], 21 | "keywords": [ 22 | "import", 23 | "require", 24 | "strict", 25 | "prevent", 26 | "block", 27 | "module", 28 | "modules", 29 | "search", 30 | "path" 31 | ], 32 | "devDependencies": { 33 | "ava": "*", 34 | "execa": "^0.10.0", 35 | "xo": "*" 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /license: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Sindre Sorhus (sindresorhus.com) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 | 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 10 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | const path = require('path'); 3 | const Module = require('module'); 4 | 5 | const getParentModuleDirectories = cwd => { 6 | const ret = new Set(); 7 | 8 | let dir = cwd; 9 | while (path.parse(dir).root !== dir) { 10 | dir = path.dirname(dir); 11 | ret.add(path.join(dir, 'node_modules')); 12 | } 13 | 14 | return ret; 15 | }; 16 | 17 | module.exports = (mod, options) => { 18 | const cwd = path.dirname(mod.filename); 19 | 20 | options = Object.assign({ 21 | _allowedModules: [] 22 | }, options); 23 | 24 | // We specifically block the parent node module directories instead of just blocking 25 | // everything except for the cwd, so we can support `npm link` modules 26 | const blockedDirectories = getParentModuleDirectories(cwd); 27 | 28 | const {_nodeModulePaths} = Module; 29 | Module._nodeModulePaths = from => { 30 | const paths = _nodeModulePaths(from); 31 | 32 | if (options._allowedModules.some(x => from.endsWith(`/node_modules/${x}`))) { 33 | return paths; 34 | } 35 | 36 | return paths.filter(modulePath => { 37 | for (const blockedDirectory of blockedDirectories) { 38 | if (modulePath.startsWith(blockedDirectory)) { 39 | return false; 40 | } 41 | } 42 | 43 | return true; 44 | }); 45 | }; 46 | 47 | mod.paths = Module._nodeModulePaths(cwd); 48 | }; 49 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # strict-import 2 | 3 | > Prevent `require` from searching upwards for required modules 4 | 5 | 6 | ## Background 7 | 8 | The [`require() algorithm`](https://nodejs.org/api/modules.html#modules_all_together) works by searching for a `node_modules` directory with your required module from the current directory and upwards until it reaches the system root directory. 9 | 10 | This means that if you have nested projects, and have a module called `foo` installed at the top-level, the sub-projects can also import `foo` without installing it. While useful in some cases, it can also cause problems. 11 | 12 | I made this module because I'm working on an Electron app, where we use `electron-builder` with a [two package structure](https://www.electron.build/tutorials/two-package-structure). We depended on module `foo` in the renderer, which was defined top-level, since we use Webpack for bundling. We later started using `foo` in the main process code too, which is placed in an `app` subdirectory. The problem is that we forgot to add `foo` as a dependency in the `app` directory, but it worked fine in development as `require` just found it at the top-level. In production, however, it crashed, since we no longer had the top-level dependency, as only the `app` directory is included in the built app. With this module, we can ensure that doesn't happen again. 13 | 14 | 15 | ## Install 16 | 17 | ``` 18 | $ npm install strict-import 19 | ``` 20 | 21 | 22 | ## Usage 23 | 24 | At the top of your `index.js` file. 25 | 26 | ```js 27 | require('strict-import')(module); 28 | 29 | // This now only works if `foo` is in `./node_modules`, 30 | // but not if it's in `../node_modules` 31 | const foo = require('foo'); 32 | ``` 33 | 34 | 35 | ## License 36 | 37 | MIT © [Sindre Sorhus](https://sindresorhus.com) 38 | --------------------------------------------------------------------------------