@codeque/cli
Multiline code search for every language. Structural code search for JavaScript, TypeScript, HTML and CSS
Website • Docs • Roadmap • Mission • Playground
Find and lint complex code patterns effortlessly
CodeQue is a semantic code search engine that understands code syntax.
It matches code structurally, which makes it excellent for more complex queries.
The query language offers wildcards and partial matching, and ignores code formatting.
Structural code search is available for JavaScript, TypeScript, HTML, CSS, Python and Lua, with more coming soon.
Text code search with handy wildcards is available for every language and covers common regex search use cases.
Just paste a code snippet to start searching, no installation needed!
Integrations
CodeQue is available as:
All CodeQue tools work offline, so your code never leaves your local environment.
Coming soon
CodeQue will soon be available as:
🔔 Get notified about updates 🔔
CodeQue CLI is a complementary tool that can be used for
yarn global add @codeque/cli
Run codeque to start the CLI query editor.
codeque
Type a query and hit ctrl+s to run your first search!
Find out how to use wildcards and discover search modes in codeque docs!
First and foremost it is a code search tool, so you can use it to search any code (as long as it is TypeScript or JavaScript; more languages in the future).
Here are some use cases where CodeQue shines ✨
Once you spot a code pattern in more than one place, you can just copy it and search for it.
You will find all occurrences and you will be able to get rid of the repetition forever!
I love using CodeQue to look for specific function or React hook usage. It's faster than looking up the API in the docs.
This is a typical query that you can use to find usages of a React hook.
const $$$ = useMyHook();
You can use the CLI to ensure that bad code patterns are not introduced into the codebase.
It's not as handy as ESLint (a CodeQue ESLint plugin is coming soon!), but at least you will not waste time implementing custom plugins!
Use this to ensure there are no skipped tests in the codebase:
codeque --query '$$.skip()' '$$.only()' --invertExitCode
The --invertExitCode flag inverts the default exit-code behavior: the command returns a non-zero exit code when matches are found.
I use codeque with text mode for my pre-commit hook. text mode is faster than other modes, because it's regexp based.
I want to ensure there will be no console.logs, todos, and skipped tests introduced in my commit.
.git/hooks/pre-commit content:
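#!/bin/sh
# Scan files changed since the last commit. With --invertExitCode,
# codeque exits non-zero when any of the restricted patterns is found.
codeque --git --query '$$.only(' '$$.skip(' 'console.log(' '// todo' --mode text --invertExitCode --caseInsensitive
if [ $? -ge 1 ] ; then
  echo '🛑 Found restricted code. Terminating.'
  exit 1
fi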
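Why the quoting in the commands above matters, as an added example that is not part of the CodeQue README: `$$` is also the POSIX shell's process-ID parameter, so inside double quotes it is expanded before the query reaches the tool, and an assertion built on that query can pass without ever matching. The script never invokes codeque; the helper names `argv1`, `single_quoted`, `double_quoted` and `has_wildcard` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the CodeQue project). It does not call codeque; it
# only shows what a program receives as its argument under each quoting style.

# argv1 echoes its first argument exactly as a child process would receive it.
argv1() { printf '%s' "$1"; }

# Single quotes: the shell passes the wildcard through literally.
single_quoted() { argv1 '$$.skip()'; }

# Double quotes: the shell replaces $$ with its own process ID first,
# so the tool would be asked to find e.g. "48213.skip()".
double_quoted() { argv1 "$$.skip()"; }

# has_wildcard returns 0 only if the query still contains a literal "$$".
# A wrapper script can call it before running the search and fail closed
# when a query that is supposed to carry a wildcard has lost it.
has_wildcard() {
  case "$1" in
    *'$$'*) return 0 ;;
    *)      return 1 ;;
  esac
}

# Print both forms side by side.
printf 'single quotes -> %s\n' "$(single_quoted)"
printf 'double quotes -> %s\n' "$(double_quoted)"

# Check each form the way a hook could before trusting a "no matches" result.
for q in "$(single_quoted)" "$(double_quoted)"; do
  if has_wildcard "$q"; then
    printf 'ok: wildcard intact in %s\n' "$q"
  else
    printf 'warning: wildcard lost, query is now %s\n' "$q"
  fi
done
```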
codeque
Opens an interactive terminal editor to type a query and performs a structural code search in the current working directory. Alternatively, performs a search based on a query provided as a param or in a query file.
codeque [options]
-m, --mode [mode] - Search mode: exact, include, include-with-order, text (optional)
-r, --root [root] - Root directory for search (default: process.cwd()) (optional)
-e, --entry [entry] - Entry point to determine search files list based on its imports (excluding node_modules) (optional)
-i, --caseInsensitive - Perform search with case insensitive mode (optional)
-l, --limit [limit] - Limit of results count to display (optional)
-q, --query [query...] - Inline search query(s) (optional)
-qp, --queryPath [queryPath...] - Path to file(s) with search query(s) (optional)
-g, --git - Search in files changed since last git commit (optional)
-iec, --invertExitCode - Return non-zero exit code if matches are found. Useful for creating assertions (optional)
-v, --version - Print CLI version (optional)
-pfl, --printFilesList - Print list of searched files (optional)
-ogi, --omitGitIgnore - Search files regardless .gitignore settings (optional)
-ae, --allExtensions - Search in all file extensions. Useful for text search mode. (optional)
Feel free to use Github Issues to
We found that @codeque/cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.