CommonJS is the traditional module system used by Node.js. It lets code load packages with require() and export functionality with module.exports. In practice, a CommonJS module is not just data on disk: when it is required, its top-level JavaScript runs immediately.
That execution model matters in cyber security because a compromised package can trigger malicious behavior as soon as an application, build script, or test job imports it. Attackers abuse this by hiding payloads in dependency code, knowing that routine require() calls may execute them before the rest of the program starts. Defenders watch for this by reviewing dependencies, pinning versions in lockfiles, scanning for unexpected install-time or import-time behavior, and limiting where secrets are available during builds.