Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
org.graalvm.regex:regex
Advanced tools
GraalVM is a high-performance JDK distribution that compiles your Java applications ahead of time into standalone binaries. These binaries start instantly, provide peak performance with no warmup, and use fewer resources. You can use GraalVM just like any other Java Development Kit in your IDE.
The project website at https://www.graalvm.org/ describes how to get started, how to stay connected, and how to contribute.
Please refer to the GraalVM website for documentation. You can find most of the documentation sources in the docs/ directory in the same hierarchy as displayed on the website. Additional documentation including developer instructions for individual components can be found in corresponding docs/ sub-directories. The documentation for the Truffle framework, for example, is in truffle/docs/. This also applies to languages, tools, and other components maintained in related repositories.
This source repository is the main repository for GraalVM and includes the following components:
Directory | Description |
---|---|
.devcontainer/ | Configuration files for GitHub dev containers. |
.github/ | Configuration files for GitHub issues, workflows, …. |
compiler/ | Graal compiler, a modern, versatile compiler written in Java. |
espresso/ | Espresso, a meta-circular Java bytecode interpreter for the GraalVM. |
regex/ | TRegex, a regular expression engine for other GraalVM languages. |
sdk/ | GraalVM SDK, long-term supported APIs of GraalVM. |
substratevm/ | Framework for ahead-of-time (AOT) compilation with Native Image. |
sulong/ | Sulong, an engine for running LLVM bitcode on GraalVM. |
tools/ | Tools for GraalVM languages implemented with the instrumentation framework. |
truffle/ | GraalVM's language implementation framework for creating languages and tools. |
visualizer/ | Ideal Graph Visualizer (IGV), a tool for analyzing Graal compiler graphs. |
vm/ | Components for building GraalVM distributions. |
wasm/ | GraalWasm, an engine for running WebAssembly programs on GraalVM. |
GraalVM provides additional languages, tools, and other components developed in related repositories. These are:
Name | Description |
---|---|
FastR | Implementation of the R language. |
GraalJS | Implementation of JavaScript and Node.js. |
GraalPy | Implementation of the Python language. |
GraalVM Demos | Several example applications illustrating GraalVM capabilities. |
Native Build Tools | Build tool plugins for GraalVM Native Image. |
SimpleLanguage | A simple example language built with the Truffle framework. |
SimpleTool | A simple example tool built with the Truffle framework. |
TruffleRuby | Implementation of the Ruby language. |
GraalVM Community Edition is open source and distributed under version 2 of the GNU General Public License with the “Classpath” Exception, which are the same terms as for Java. The licenses of the individual GraalVM components are generally derivative of the license of a particular language (see the table below).
Component(s) | License |
---|---|
Espresso, Ideal Graph Visualizer | GPL 2 |
GraalVM Compiler, SubstrateVM, Tools, VM | GPL 2 with Classpath Exception |
GraalVM SDK, GraalWasm, Truffle Framework, TRegex | Universal Permissive License |
Sulong | 3-clause BSD |
FAQs
Truffle regular expressions language.
We found that org.graalvm.regex:regex demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.