Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@babel/template
Advanced tools
The @babel/template package is a part of the Babel toolchain that allows developers to create AST (Abstract Syntax Tree) nodes with placeholders programmatically. This is useful for code generation, transformation, and manipulation tasks where you want to produce syntactically correct code snippets based on a template with variable parts.
Building AST Nodes
This feature allows you to build AST nodes using template literals with placeholders. The placeholders are then replaced with actual values to create a syntactically correct code snippet.
const template = require('@babel/template').default;
const buildRequire = template(`
const %%importName%% = require(%%source%%);
`);
const ast = buildRequire({
importName: template.identifier('myModule'),
source: template.stringLiteral('my-module')
});
Using Placeholders
This feature demonstrates how to use placeholders for different parts of the code, such as function names, parameters, and bodies. The placeholders are replaced with AST nodes representing identifiers, arrays of identifiers, and block statements, respectively.
const template = require('@babel/template').default;
const buildFunction = template(`
function %%funcName%%(%%params%%) {
return %%body%%;
}
`);
const ast = buildFunction({
funcName: template.identifier('myFunction'),
params: [template.identifier('a'), template.identifier('b')],
body: template.blockStatement([])
});
Customizing Placeholder Patterns
This feature shows how to customize the placeholder pattern used in the template. This is useful when you want to define a specific pattern for your placeholders to avoid conflicts with other parts of the code.
const template = require('@babel/template').default;
const buildAssertion = template(`
assert(%%test%%, '%%errorMessage%%');
`, {
placeholderPattern: /^%%[a-zA-Z0-9_]+%%$/
});
const ast = buildAssertion({
test: template.binaryExpression('===', template.identifier('a'), template.numericLiteral(3)),
errorMessage: template.stringLiteral('a is not 3')
});
Recast is a JavaScript AST manipulation library that allows you to parse, transform, and print code. It provides a different API than @babel/template but serves a similar purpose in terms of manipulating AST nodes. Recast preserves the original formatting of the code, which is a feature that distinguishes it from @babel/template.
Escodegen is a code generator for ECMAScript. It takes an AST and turns it into code. While it doesn't provide templating functionality like @babel/template, it is often used in conjunction with AST manipulation libraries to generate code after transformations have been applied.
Jscodeshift is a toolkit for running codemods over multiple JavaScript or TypeScript files. It uses recast under the hood for parsing and printing, while providing a higher-level API for transforming code. It's more focused on large-scale codebase refactors compared to the more granular transformations that @babel/template is typically used for.
Generate an AST from a string template.
See our website @babel/template for more information or the issues associated with this package.
Using npm:
npm install --save-dev @babel/template
or using yarn:
yarn add @babel/template --dev
v7.25.9 (2024-10-22)
babel-parser
, babel-template
, babel-types
syntacticPlaceholders
mode (@liuxingbaoyu)babel-helper-compilation-targets
, babel-preset-env
ClassAccessorProperty
to prevent the no-undef
rule (@victorenator)babel-parser
, babel-types
VISITOR_KEYS
etc. faster to access (@liuxingbaoyu)FAQs
Generate an AST from a string template.
The npm package @babel/template receives a total of 37,396,965 weekly downloads. As such, @babel/template popularity was classified as popular.
We found that @babel/template demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.