Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
org.graalvm:graal-sdk
Advanced tools
GraalVM is an ecosystem for compiling and running applications written in multiple languages. GraalVM removes the isolation between programming languages and enables interoperability in a shared runtime.
GraalVM is a high-performance JDK distribution that compiles your Java applications ahead of time into standalone binaries. These binaries start instantly, provide peak performance with no warmup, and use fewer resources. You can use GraalVM just like any other Java Development Kit in your IDE.
The project website at https://www.graalvm.org/ describes how to get started, how to stay connected, and how to contribute.
Please refer to the GraalVM website for documentation. You can find most of the documentation sources in the docs/ directory in the same hierarchy as displayed on the website. Additional documentation including developer instructions for individual components can be found in corresponding docs/ sub-directories. The documentation for the Truffle framework, for example, is in truffle/docs/. This also applies to languages, tools, and other components maintained in related repositories.
This source repository is the main repository for GraalVM and includes the following components:
Directory | Description |
---|---|
.devcontainer/ | Configuration files for GitHub dev containers. |
.github/ | Configuration files for GitHub issues, workflows, …. |
compiler/ | Graal compiler, a modern, versatile compiler written in Java. |
espresso/ | Espresso, a meta-circular Java bytecode interpreter for the GraalVM. |
regex/ | TRegex, a regular expression engine for other GraalVM languages. |
sdk/ | GraalVM SDK, long-term supported APIs of GraalVM. |
substratevm/ | Framework for ahead-of-time (AOT) compilation with Native Image. |
sulong/ | Sulong, an engine for running LLVM bitcode on GraalVM. |
tools/ | Tools for GraalVM languages implemented with the instrumentation framework. |
truffle/ | GraalVM's language implementation framework for creating languages and tools. |
visualizer/ | Ideal Graph Visualizer (IGV), a tool for analyzing Graal compiler graphs. |
vm/ | Components for building GraalVM distributions. |
wasm/ | GraalWasm, an engine for running WebAssembly programs on GraalVM. |
GraalVM provides additional languages, tools, and other components developed in related repositories. These are:
Name | Description |
---|---|
FastR | Implementation of the R language. |
GraalJS | Implementation of JavaScript and Node.js. |
GraalPy | Implementation of the Python language. |
GraalVM Demos | Several example applications illustrating GraalVM capabilities. |
Native Build Tools | Build tool plugins for GraalVM Native Image. |
SimpleLanguage | A simple example language built with the Truffle framework. |
SimpleTool | A simple example tool built with the Truffle framework. |
TruffleRuby | Implementation of the Ruby language. |
GraalVM Community Edition is open source and distributed under version 2 of the GNU General Public License with the “Classpath” Exception, which are the same terms as for Java. The licenses of the individual GraalVM components are generally derivative of the license of a particular language (see the table below).
Component(s) | License |
---|---|
Espresso, Ideal Graph Visualizer | GPL 2 |
GraalVM Compiler, SubstrateVM, Tools, VM | GPL 2 with Classpath Exception |
GraalVM SDK, GraalWasm, Truffle Framework, TRegex | Universal Permissive License |
Sulong | 3-clause BSD |
FAQs
GraalVM is an ecosystem for compiling and running applications written in multiple languages. GraalVM removes the isolation between programming languages and enables interoperability in a shared runtime.
We found that org.graalvm:graal-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.