Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@a-la/context
Advanced tools
@a-la/context
is a a test context for @a-la
packages used in alamode
transpiler. It will provide a means to record the result of transforms for given rules, as well as emitted events.
yarn add -E @a-la/context
async stream(rules: Rule|Rule[], text: string, eventKeys?: string[]): ReturnType
setConfig(config: Object)
setFile(file: string)
setProps(props: !Object)
The package is available by importing its default function:
import ÀLaContext from '@a-la/context'
The context is then passed to the context
property of Zoroaster tests suites.
async stream(
rules: Rule|Rule[],
text: string,
eventKeys?: string[],
): ReturnType
Creates a Replaceable
stream according to a rule or set of rules, asynchronously ends it with passed text and returns the outcome.
In the example below, a transform rule is used to replace an export
statement with a module.exports
statement, and emit an exports
event.
/**
* A rule to replace an `export function` statement with `module.exports`.
*/
export const exportFunctionRule = {
re: / *export function ([$_\w][$_\w\d]*)/gm,
replacement(_, fn) {
// async
this.emit('exports', fn)
// sync
this.exports = this.exports || []
this.exports.push(fn)
return `module.exports.${fn} = function ${fn}`
},
}
Now, this rule can be tested using the @a-la/context
and zoroaster
testing framework.
import { equal, deepEqual } from '@zoroaster/assert'
import ÀLaContext from '@a-la/context'
import { exportFunctionRule as rule } from '../../src/rule'
/** @type {Object.<string, (c: ÀLaContext)>} */
const T = {
context: ÀLaContext,
async 'replaces the export function'({ stream }) {
const fn = 'test'
const data = `export function ${fn}() {}`
const {
result,
events,
replaceable,
} = await stream(rule, data, ['exports'])
const expected = `module.exports.${fn} = function ${fn}() {}`
equal(result, expected)
deepEqual(events, {
exports: [fn],
})
deepEqual(replaceable.exports, [fn])
},
}
export default T
example/test/spec
✓ replaces the export function
🦅 Executed 1 test.
The output of the stream
function is an object described below.
ReturnType
: Replaceable instance, string result and events map.
Name | Type | Description |
---|---|---|
events* | Object<string, any[]> | Emitted events recorded against passed events keys. |
result* | string | The caught output of a Replaceable stream as a string. |
replaceable* | Replaceable | The instance of a Replaceable stream. |
setConfig(
config: Object,
): void
This method allows to set the config
property of the Replaceable instance created inside of the stream
method. Some transform may use config
for certain functionality, e.g., replacing of the source string in the @a-la/import
transform.
setFile(
file: string,
): void
Sets the file
property on the replaceable stream. This is required by the import transform to find the package.json file of the imported module to check whether it has the alamode
property so that the esCheck
can be skipped.
setProps(
props: !Object,
): void
Assigns properties to the transform stream. The rules will be able to access them via their this
context.
© Art Deco™ for À La Mode 2020 |
---|
FAQs
A test context for @a-la packages.
We found that @a-la/context demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.