How to provide "require" keyword alternative?

[nickkolok]

Greetings from Russia, comrads!

I'm working on paraquire - security-oriented alternative for standard require. It is supposed to be fully backward compatible, i.e. there could be both require and paraquire calls in the same file. I prepared PR #1755 to show how will browserify look with paraquire.

As main security risks are access to FS and access to network, paraquire in browserified environment should act as usual require. Unfortunately, this trick wasn't successful: browserify does not treat paraquired libraries as dependencies while parsing module.

Is there any existing option to tell browserify to parse paraquire calls as require calls? I only need dependency injecting, not function redefinition. I guess that dependency list is defined by detective package, but which exact options should I pass?

[goto-bus-stop]

browserify/module-deps#141 will allow you to do this; once released, you can create a transform that finds paraquire calls and emits a 'dep' event with the argument string for each one.

[goto-bus-stop]

As of browserify 16 you can write transforms for this: https://github.com/browserify/module-deps/#transforms

module.exports = function () {
  var data = ''
  return through(ondata, onend)
  function ondata (chunk, enc, cb) { data += chunk; cb() }
  function onend (cb) {
    var calls = findParaquireCalls(data)
    for (var i = 0; i < calls.length; i++) {
      this.emit('dep', calls[i])
    }
  }
}