diff --git a/lib/bcrypt.js b/lib/bcrypt.js
index 6c56d5373929c525f8ec3d937406fbed69fda92e..d3ee871cfb9aa06c47b7f36ad3fa14cea607e1ca 100644
--- a/lib/bcrypt.js
+++ b/lib/bcrypt.js
@@ -3,6 +3,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 const
+path = require('path'),
 computecluster = require('compute-cluster'),
 logger = require('../lib/logging.js').logger,
 bcrypt = require('bcrypt'),
diff --git a/lib/browserid/views.js b/lib/browserid/views.js
index 48fbc69c5c5bdefd73199e53126ac18a0a159915..1fc696fb6c90cd63d222e648afaec5f9364efeb9 100644
--- a/lib/browserid/views.js
+++ b/lib/browserid/views.js
@@ -12,7 +12,8 @@ config = require('../configuration.js'),
 und = require('underscore'),
 util = require('util'),
 httputils = require('../httputils.js'),
-etagify = require('etagify');
+etagify = require('etagify'),
+secrets = require('../secrets');
 
 // all templated content, redirects, and renames are handled here.
 // anything that is not an api, and not static
diff --git a/lib/wsapi.js b/lib/wsapi.js
index 004dd36d701558003b138c45ea2a7bb40c77797c..420868c6e856c913341646bf150b28cf44ec571a 100644
--- a/lib/wsapi.js
+++ b/lib/wsapi.js
@@ -17,7 +17,7 @@
 
 const
 sessions = require('client-sessions'),
-express = require('express');
+express = require('express'),
 secrets = require('./secrets'),
 config = require('./configuration'),
 logger = require('./logging.js').logger,
@@ -27,8 +27,8 @@ url = require('url'),
 fs = require('fs'),
 path = require('path'),
 validate = require('./validate'),
-statsd = require('./statsd');
-bcrypt = require('./bcrypt');
+statsd = require('./statsd'),
+bcrypt = require('./bcrypt'),
 i18n = require('./i18n');
 
 var abide = i18n.abide({
diff --git a/lib/wsapi/address_info.js b/lib/wsapi/address_info.js
index 9a4c9009f138bc4971ddd06fc2271ae520c3d25e..e65f93993c96d15b1c70005d65c3eafc9e9743ad 100644
--- a/lib/wsapi/address_info.js
+++ b/lib/wsapi/address_info.js
@@ -5,7 +5,9 @@
 const
 db = require('../db.js'),
 primary = require('../primary.js'),
-wsapi = require('../wsapi.js');
+wsapi = require('../wsapi.js'),
+httputils = require('../httputils.js'),
+url = require('url');
 
 // return information about an email address.
 //   type:  is this an address with 'primary' or 'secondary' support?
diff --git a/lib/wsapi/auth_with_assertion.js b/lib/wsapi/auth_with_assertion.js
index 4e0fa6ebaaf37562567ca73a01bdb1eb547f0618..37127d6edab08d8c01cfafc8edc7e2f8dd76a620 100644
--- a/lib/wsapi/auth_with_assertion.js
+++ b/lib/wsapi/auth_with_assertion.js
@@ -10,7 +10,8 @@ logger = require('../logging.js').logger,
 querystring = require('querystring'),
 primary = require('../primary.js'),
 http = require('http'),
-https = require('https');
+https = require('https'),
+config = require('../configuration');
 
 exports.method = 'post';
 exports.writes_db = false;
diff --git a/lib/wsapi/authenticate_user.js b/lib/wsapi/authenticate_user.js
index f4d060288973bd29446d9b4a72c61767fd5553c2..a14cfa95004d957793558789d394b7144fe23cb4 100644
--- a/lib/wsapi/authenticate_user.js
+++ b/lib/wsapi/authenticate_user.js
@@ -12,6 +12,7 @@ http = require('http'),
 https = require('https'),
 querystring = require('querystring'),
 statsd = require('../statsd');
+config = require('../configuration');
 
 exports.method = 'post';
 exports.writes_db = false;
diff --git a/lib/wsapi/complete_email_addition.js b/lib/wsapi/complete_email_addition.js
index 7756fcf5b9cc8bb06cc14c7ba7768901854c6cad..abd012418bdacfecee0ab3f4d41df2eacf046407 100644
--- a/lib/wsapi/complete_email_addition.js
+++ b/lib/wsapi/complete_email_addition.js
@@ -6,7 +6,8 @@ const
 db = require('../db.js'),
 logger = require('../logging.js').logger,
 wsapi = require('../wsapi.js'),
-brycpt = require('../bcrypt.js');
+bcrypt = require('../bcrypt.js'),
+httputils = require('../httputils.js');
 
 exports.method = 'post';
 exports.writes_db = true;
diff --git a/lib/wsapi/have_email.js b/lib/wsapi/have_email.js
index 5caf1feffbafb6ba86ea17f40af4bd1d80435d89..2ff22f0306e81331435dcff93cf9107d18322c05 100644
--- a/lib/wsapi/have_email.js
+++ b/lib/wsapi/have_email.js
@@ -4,7 +4,8 @@
 
 const
 db = require('../db.js'),
-wsapi = require('../wsapi.js');
+wsapi = require('../wsapi.js'),
+url = require('url');
 
 // return if an email is known to browserid
 
diff --git a/lib/wsapi/session_context.js b/lib/wsapi/session_context.js
index 7cc5e88629b8340c24f20891df921116463198c0..01ca65d3b3b84b24a99796bba993ff115fc958d1 100644
--- a/lib/wsapi/session_context.js
+++ b/lib/wsapi/session_context.js
@@ -8,7 +8,8 @@ logger = require('../logging.js').logger,
 crypto = require('crypto'),
 wsapi = require('../wsapi.js'),
 secrets = require('../secrets.js'),
-version = require('../version.js');
+version = require('../version.js'),
+config = require('../configuration.js');
 
 // return the CSRF token, authentication status, and current server time (for assertion signing)
 // 2011-12-22: adding a random seed for keygen