![Apple Reorganizes Executive Team to Rescue Siri [Report]](https://www.iclarified.com/images/news/96777/96777/96777-640.jpg)
![The latest vinyl Android figure is a faux wood ‘Pine Pal’ where no two are alike [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/03/android-figure-pine-pal-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
![What are good examples of 'preflight check patterns' on existing applications? [closed]](https://i.sstatic.net/yl2Tr80w.png)
-Assassin's-Creed-Shadows-Review-00-12-31.png?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
![Release: Rendering Ranger: R² [Rewind]](https://images-3.gog-statics.com/48a9164e1467b7da3bb4ce148b93c2f92cac99bdaa9f96b00268427e797fc455.jpg)
How to design a plugin architecture in Node.js?
I have a Node.js application and I want users to be able to develop custom plugins. I have multiple ideas and I am unsure how good they are. I need some tips from more experienced developers. My first idea is the following: Write an npm package that defines a plugin interface While my application is running: run npm install as child_process Dynamically import the plugin via import(). Communication is direct, the application just calls the interface functions, the plugin runs in the same process Second idea: Write an npm package that defines a plugin interface, the interface listens to messages from a parent process While my application is running: Run git clone && cd && npm install && npm start as child_processes. Communication works through child_process.send(msg). In both situations users will be able to add plugins to my software just by providing my software either a link (to the github repository) or the name of the npm package. This makes it possible to install plugins from anyone. I am not sure with my ideas, to be honest I don't feel happy with both solutions. The first seems very insecure, because plugin and application share the same process. Or is this common for plugins? The second one seems to be more secure, because the code is running in a child process, but this results in one extra node_modules folder per plugin. Is it even possible to build a secure and lightweight plugin architecture?
I have a Node.js application and I want users to be able to develop custom plugins. I have multiple ideas and I am unsure how good they are. I need some tips from more experienced developers.
My first idea is the following:
- Write an npm package that defines a plugin interface
- While my application is running: run
npm installaschild_process - Dynamically import the plugin via
import(). Communication is direct, the application just calls the interface functions, the plugin runs in the same process
Second idea:
Write an npm package that defines a plugin interface, the interface listens to messages from a parent process
While my application is running: Run
git cloneas&& cd && npm install && npm start child_processes.Communication works through
child_process.send(msg).
In both situations users will be able to add plugins to my software just by providing my software either a link (to the github repository) or the name of the npm package. This makes it possible to install plugins from anyone.
I am not sure with my ideas, to be honest I don't feel happy with both solutions.
The first seems very insecure, because plugin and application share the same process. Or is this common for plugins?
The second one seems to be more secure, because the code is running in a child process, but this results in one extra node_modules folder per plugin.
Is it even possible to build a secure and lightweight plugin architecture?
