Can I monkey patch a Node.js module installed from the npm repository so the patch is maintained after npm install?

By: ( +David Herron; Date: April 7, 2018

Tags: Node.JS

Suppose you've found a Node.js module that almost does what you want, but it needs another feature or two, or some other tweak? How to modify the package, and perhaps temporarily modify it at runtime? Technically, monkey patching is not simply maintaining a local modification to someone elses code, but to dynamically modify that code at runtime. Some say this is evil, but it is a practice that is required at times. Let's see how to do this.

First - npm does not support maintaining a local modification to a module. If you've edited files inside the node_modules directory, those modifications will be overwritten the next time you npm update or npm install over the top of that package.

I can imagine a possible addition to npm so the dependencies section supports an entry like:

    "dependencies": {
        "module-to-patch": {
            "dependency": "module@version-or-tag",
            "patch": "/path/to/file-containing-diff-u-patch-to-apply"

This is different from the normal dependency declaration in that it references a file that is used to patch the module after it is installed. Er... the patch would have to be run before any compilation step is performed, so that native code could be patched as well as JavaScript code.

But, npm doesn't have such a feature.

What one can do is implement a module that modifies the module object. That module can be checked into a repository, and then used as a regular dependency. An example is the excellent fs-extra module which implements the fs module functions with new functions that return Promise objects.

Consider the normal encapsulation of a Node.js module. Node.js modules act as if they were written as:

(function() {
    ... contents of module

In other words the content of the module is inside an anonymous private context that cannot be modified from outside that context.

The exception is that anything inside the module assigned to the module.exports object is then available as the object returned from require('that-module').

There is nothing much special about the object returned by require(). It is simply the object created as module.exports inside the module. We're talking about traditional CommonJS-style Node.js modules here. The newfangled ES6 modules are a little different.

Making a local patch to a module

To make a local patch to a module, write a new module ... let's call it modified-module to extend/change that-module. In pseudo-code it would be implemented as so:

const thatModule = require('that-module');

// First, copy over all the fields from the original module
for (let fieldName in thatModule) {
    module.exports[fieldName] = thatModule[fieldName];

// Then write new implementations of any function you want to change
module.exports.function1 = function(arg, arg2, arg3) {
    // new function implementation
    // To call the original function do:

Then, simply add a dependency to modified-module in your package.json, and in your code require('modified-module') instead of require('that-module'). You'll be able to rely on the documentation for that-module and to only document your modifications to the module.

Wait - how do you actually Monkey Patch a Node.js module?

Right .. that wasn't monkey patching. So .. try this:

const thatModule = require('that-module');
const origThatModule = thatModule;

if (process.env.PATCH_THAT_MODULE === 'yes') {
    thatModule.function1 = function(arg, arg2, arg3) {
        // new function implementation
        // To call the original function do:

Or, more concretely:

MacBook-Pro-4:mp david$ cat main.js
const fs = require('fs');

fs.hello = function() { console.log('Hello World'); }


MacBook-Pro-4:mp david$ cat check-patch.js 
const fs = require('fs');


MacBook-Pro-4:mp david$ node main.js 
Hello World
MacBook-Pro-4:mp david$ 

That is - in main.js a change is made to the fs module. Requiring the module into another module see's the same modification.


Both of these approaches can be part of your application, and will not be overwritten when the source module is installed or updated. Using this technique, your modifications to another module are in your source code, and stored in your own repository.

It's still best to send any modifications to the upstream module owner so you do not have to maintain the modification.

« Implementing __dirname in ES6 modules using import.meta.url Using SSL to connect to MySQL database in Node.js »
2016 Election 2018 Elections Acer C720 Ad block Affiliate marketing Air Filters Air Quality Air Quality Monitoring AkashaCMS Amazon Amazon Kindle Amazon Web Services America Amiga and Jon Pertwee Android Anti-Fascism AntiVirus Software Apple Apple Flexgate Apple Hardware History Apple Hardware Mistakes Apple iPhone Apple iPhone Hardware April 1st Arduino ARM Compilation Artificial Intelligence Astronomy Astrophotography Asynchronous Programming Authoritarianism Automated Social Posting AWS DynamoDB AWS Lambda Ayo.JS Bells Law Big Brother Big Data Big Finish Big Science Bitcoin Mining Black Holes Blade Runner Blockchain Blogger Blogging Books Botnets Cassette Tapes Cellphones China China Manufacturing Christopher Eccleston Chrome Chrome Apps Chromebook Chromebox ChromeOS CIA CitiCards Citizen Journalism Civil Liberties Climate Change Clinton Cluster Computing Command Line Tools Comment Systems Computer Accessories Computer Hardware Computer Repair Computers Conservatives Cross Compilation Crouton Cryptocurrency Curiosity Rover Currencies Cyber Security Cybermen Cybersecurity Daleks Darth Vader Data backup Data Formats Data Storage Database Database Backup Databases David Tenant DDoS Botnet Department of Defense Department of Justice Detect Adblocker Developers Editors Digital audio Digital Nomad Digital Photography Direct Attach Storage Diskless Booting Disqus DIY DIY Repair DNP3 Do it yourself Docker Docker MAMP Docker Swarm Doctor Who Doctor Who Paradox Doctor Who Review Drobo Drupal Drupal Themes DuckDuckGo DVD E-Books E-Readers Early Computers eGPU Election Hacks Electric Bicycles Electric Vehicles Electron Eliminating Jobs for Human Emdebian Encabulators Energy Efficiency Enterprise Node EPUB ESP8266 Ethical Curation Eurovision Event Driven Asynchronous Express Face Recognition Facebook Fake Advertising Fake News Fedora VirtualBox Fifth Doctor File transfer without iTunes FireFly Flash Flickr Fraud Freedom of Speech Front-end Development G Suite Gallifrey Gig Economy git Github GitKraken Gitlab GMAIL Google Google Adsense Google Chrome Google Gnome Google+ Government Spying Great Britain Green Transportation Hate Speech Heat Loss Hibernate High Technology Hoax Science Home Automation HTTP Security HTTPS Human ID I2C Protocol Image Analysis Image Conversion Image Processing ImageMagick In-memory Computing Incognito Mode InfluxDB Infrared Thermometers Insulation Internet Internet Advertising Internet Law Internet of Things Internet Policy Internet Privacy iOS iOS Devices iPad iPhone iPhone hacking Iron Man iShowU Audio Capture iTunes Janet Fielding Java JavaFX JavaScript JavaScript Injection JDBC John Simms Journalism Joyent jQuery Kaspersky Labs Kext Kindle Kindle Marketplace Large Hadron Collider Lets Encrypt LibreOffice Linux Linux Hints Linux Single Board Computers Logging Mac Mini Mac OS Mac OS X Mac Pro MacBook Pro Machine Learning Machine Readable ID Macintosh macOS macOS High Sierra macOS Kext MacOS X setup Make Money Online Make Money with Gigs March For Our Lives MariaDB Mars Mass Violence Matt Lucas MEADS Anti-Missile Mercurial MERN Stack Michele Gomez Micro Apartments Microsoft Military AI Military Hardware Minification Minimized CSS Minimized HTML Minimized JavaScript Missy Mobile Applications Mobile Computers MODBUS Mondas Monetary System MongoDB Mongoose Monty Python MQTT Music Player Music Streaming MySQL NanoPi Nardole NASA Net Neutrality Network Attached Storage Node Web Development Node.js Node.js Database Node.js Performance Node.js Testing Node.JS Web Development Node.x North Korea npm NSA NVIDIA NY Times Online advertising Online Community Online Fraud Online Journalism Online News Online Photography Online Video Open Media Vault Open Source Open Source and Patents Open Source Governance Open Source Licenses Open Source Software OpenAPI OpenJDK OpenVPN Palmtop PDA Patrick Troughton PayPal Paywalls Personal Flight Peter Capaldi Peter Davison Phishing Photography PHP Plex Plex Media Server Political Protest Politics Postal Service Power Control President Trump Privacy Private E-mail server Production use Public Violence Raspberry Pi Raspberry Pi 3 Raspberry Pi Zero ReactJS Recaptcha Recycling Refurbished Computers Remote Desktop Removable Storage Renewable Energy Republicans Retro Computing Retro-Technology Reviews RFID Rich Internet Applications Right to Repair River Song Robotics Robots Rocket Ships RSS News Readers rsync Russia Russia Troll Factory Russian Hacking Rust SCADA Scheme Science Fiction SD Cards Search Engine Ranking Search Engines Season 1 Season 10 Season 11 Security Security Cameras Server-side JavaScript Serverless Framework Servers Shell Scripts Silence Simsimi Skype SmugMug Social Media Social Media Networks Social Media Warfare Social Network Management Social Networks Software Development Software Patents Space Flight Space Ship Reuse Space Ships SpaceX Spear Phishing Spring Spring Boot Spy Satellites SQLite3 SSD Drives SSD upgrade SSH SSH Key SSL Stand For Truth Strange Parts Swagger Synchronizing Files Tegan Jovanka Telescopes Terrorism The Cybermen The Daleks The Master Time-Series Database Tom Baker Torchwood Total Information Awareness Trump Trump Administration Trump Campaign Twitter Ubuntu Udemy UDOO US Department of Defense Video editing Virtual Private Networks VirtualBox VLC VNC VOIP Vue.js Walmart Weapons Systems Web Applications Web Developer Resources Web Development Web Development Tools Web Marketing Webpack Website Advertising Website Business Models Weeping Angels WhatsApp William Hartnell Window Insulation Windows Windows Alternatives Wordpress World Wide Web Yahoo YouTube YouTube Adpocalypse YouTube Monetization