Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
org.graalvm.nativeimage:library-support
Advanced tools
SubstrateVM basic library-support components
GraalVM is a high-performance JDK distribution that compiles your Java applications ahead of time into standalone binaries. These binaries start instantly, provide peak performance with no warmup, and use fewer resources. You can use GraalVM just like any other Java Development Kit in your IDE.
The project website at https://www.graalvm.org/ describes how to get started, how to stay connected, and how to contribute.
Please refer to the GraalVM website for documentation. You can find most of the documentation sources in the docs/ directory in the same hierarchy as displayed on the website. Additional documentation including developer instructions for individual components can be found in corresponding docs/ sub-directories. The documentation for the Truffle framework, for example, is in truffle/docs/. This also applies to languages, tools, and other components maintained in related repositories.
This source repository is the main repository for GraalVM and includes the following components:
Directory | Description |
---|---|
.devcontainer/ | Configuration files for GitHub dev containers. |
.github/ | Configuration files for GitHub issues, workflows, …. |
compiler/ | Graal compiler, a modern, versatile compiler written in Java. |
espresso/ | Espresso, a meta-circular Java bytecode interpreter for the GraalVM. |
regex/ | TRegex, a regular expression engine for other GraalVM languages. |
sdk/ | GraalVM SDK, long-term supported APIs of GraalVM. |
substratevm/ | Framework for ahead-of-time (AOT) compilation with Native Image. |
sulong/ | Sulong, an engine for running LLVM bitcode on GraalVM. |
tools/ | Tools for GraalVM languages implemented with the instrumentation framework. |
truffle/ | GraalVM's language implementation framework for creating languages and tools. |
visualizer/ | Ideal Graph Visualizer (IGV), a tool for analyzing Graal compiler graphs. |
vm/ | Components for building GraalVM distributions. |
wasm/ | GraalWasm, an engine for running WebAssembly programs on GraalVM. |
GraalVM provides additional languages, tools, and other components developed in related repositories. These are:
Name | Description |
---|---|
FastR | Implementation of the R language. |
GraalJS | Implementation of JavaScript and Node.js. |
GraalPy | Implementation of the Python language. |
GraalVM Demos | Several example applications illustrating GraalVM capabilities. |
Native Build Tools | Build tool plugins for GraalVM Native Image. |
SimpleLanguage | A simple example language built with the Truffle framework. |
SimpleTool | A simple example tool built with the Truffle framework. |
TruffleRuby | Implementation of the Ruby language. |
GraalVM Community Edition is open source and distributed under version 2 of the GNU General Public License with the “Classpath” Exception, which are the same terms as for Java. The licenses of the individual GraalVM components are generally derivative of the license of a particular language (see the table below).
Component(s) | License |
---|---|
Espresso, Ideal Graph Visualizer | GPL 2 |
GraalVM Compiler, SubstrateVM, Tools, VM | GPL 2 with Classpath Exception |
GraalVM SDK, GraalWasm, Truffle Framework, TRegex | Universal Permissive License |
Sulong | 3-clause BSD |
FAQs
SubstrateVM basic library-support components
We found that org.graalvm.nativeimage:library-support demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.