I'm trying to write some tests for my PouchDB bindings, which naturally require the node pouchdb library. So I was trying this:

GlobalPouch := js.Global.Call("require", "pouchdb")

But this fails when running gopherjs test, because in this case, the file runs from /tmp, and npm didn't install my dependencies in /tmp for obvious reasons. :)

For now I worked around the problem thusly:

cwd := js.Global.Get("process").Call("cwd").String()
GlobalPouch = js.Global.Call("require",  cwd + "/node_modules/pouchdb")

And my code is working.

But as I was considering the implications of this, I think it's more than a minor inconvenience. It could be a potential security concern, as a malicious user of the same system might put a phony 'pouchdb' library in /tmp, and the next time I run my test...

A couple possible solutions I've thought of:

1. Simply have GopherJS modify node's runtime environment, changing process.paths to reflect the location of the Go source, rather than GopherJS's temporary output. If this is easy, it may be the best solution. To avoid the security issue described above, it ought to completely replace the existing process.paths values, not simply add to them.
2. Have GopherJS put its temp file in the same location as the .go files, perhaps with a name like .test.1234567 in place of /tmp/1234567. This might be preferable in the case that other modules (in Node or Go) try to do the same trick, and read files (executable code, or config files, etc) from a path relative to the running file.