@codeque/cli
CodeQue
Supercharged structural code search and replace tool
CodeQue is a structural code search tool for TypeScript and JavaScript projects.
CodeQue can be used to search for any code, from simple symbol search to complex multiline patterns.
It reduces struggle by providing accurate results regardless of formatting noise.
It makes it easy to get familiar with a codebase and, as a result, helps you make better decisions.
You can also use it as a linter.
Find out more about the project on codeque.co
Try CodeQue Visual Studio Code Extension
Get CodeQue ESLint plugin and create custom linting rules in zero time.
yarn global add @codeque/cli
Run codeque to start the CLI query editor.
codeque
Type a query and hit ctrl+s to run your first search!
Find out how to use wildcards and discover search modes in the codeque docs!
First and foremost it's a code search tool, so you can use it to search any code (as long as it is TypeScript or JavaScript; more languages are planned).
Here are some use cases where CodeQue shines ✨
Once you spot some code pattern in more than one place, you can just copy it and search for it.
You will find all occurrences and you will be able to get rid of the repetition forever!
I love using CodeQue to look for specific function or React hook usage. It's faster than looking up the API in the docs.
This is a typical query that you can use to find usages of some React hook:
const $$$ = useMyHook();
You can use the CLI to ensure that certain bad code patterns will not be introduced into the codebase.
It's not as handy as ESLint (a CodeQue ESLint plugin is coming soon!), but at least you won't waste time implementing custom plugins!
Use this to ensure there are no skipped tests in the codebase:
codeque --query "$$.skip()" "$$.only()" --invertExitCode
The --invertExitCode flag inverts the default exit code behavior and returns a non-zero exit code when matches are found.
I use codeque in text mode for my pre-commit hook.
text mode is faster than the other modes because it's regexp based.
I want to ensure that no console.logs, todos, or skipped tests are introduced in my commit.
.git/hooks/pre-commit content:
#!/bin/sh
# With --invertExitCode the exit code is non-zero when any of the queries matches.
codeque --git --query '$$.only(' '$$.skip(' 'console.log(' '// todo' --mode text --invertExitCode --caseInsensitive
if [ $? -ge 1 ] ; then
  echo '🛑 Found restricted code. Terminating.'
  exit 1
fi
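The hook above treats every non-zero status as "restricted code found", which also covers the case where codeque is not installed at all. That is the right fail-closed default, but the message then misleads the developer. The following variant, added here as an example and not part of the codeque project, wraps the same codeque invocation (only the flags shown on this page are assumed) and reports a precise reason while still blocking the commit. The function names, the messages and the status mapping are this example's own; statuses 126 and 127 are the POSIX shell's conventions for "found but not executable" and "command not found".

```shell
#!/bin/sh
# Added example: a fail-closed pre-commit guard around the codeque check
# from the README. Not part of the codeque project; function names,
# messages and the exit-status mapping below are assumptions of this example.

# Search only files changed since the last commit (--git). Because of
# --invertExitCode, codeque exits non-zero when any query matches, so a
# zero status here means "nothing forbidden was found".
run_restricted_code_check() {
    codeque --git --query "$@" --mode text --invertExitCode --caseInsensitive
}

# Map the raw exit status to a verdict and a human-readable reason.
# Returns 0 (allow the commit) only when codeque ran and found nothing.
# Every other status blocks the commit, including a missing (127) or
# non-executable (126) tool, so an unprovisioned machine cannot slip
# unchecked code through silently. The reason is echoed on stdout.
classify_check_status() {
    case "$1" in
        0)   echo "clean"; return 0 ;;
        126) echo "codeque found but not executable; refusing to commit unchecked code"; return 1 ;;
        127) echo "codeque is not installed; refusing to commit unchecked code"; return 1 ;;
        *)   echo "restricted code found (codeque exit status $1)"; return 1 ;;
    esac
}

# Same pattern list as the README's hook (constructed for this example).
guard_commit() {
    run_restricted_code_check '$$.only(' '$$.skip(' 'console.log(' '// todo'
    status=$?
    reason=$(classify_check_status "$status") && { echo "✅ $reason"; return 0; }
    echo "🛑 $reason. Terminating." >&2
    return 1
}

# Run the guard only when executed as the hook file itself, so the functions
# above can also be sourced and exercised from another shell script.
case "$(basename "$0")" in
    pre-commit) guard_commit; exit $? ;;
esac
```

Install it as .git/hooks/pre-commit and make it executable. Hooks live in each developer's clone and can be skipped with git commit --no-verify, so run the same codeque assertion in CI as well if the policy matters.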
codeque
Opens an interactive terminal editor to type a query and performs a structural code search in the current working directory. Alternatively performs a search based on a query provided as a parameter or in a query file.
codeque [options]
-m, --mode [mode] - Search mode: exact, include, include-with-order, text (optional)
-r, --root [root] - Root directory for search (default: process.cwd()) (optional)
-e, --entry [entry] - Entry point to determine the search files list based on its imports (excluding node_modules) (optional)
-i, --caseInsensitive - Perform search in case-insensitive mode (optional)
-l, --limit [limit] - Limit of results count to display (optional)
-q, --query [query...] - Inline search query(s) (optional)
-qp, --queryPath [queryPath...] - Path to file(s) with search query(s) (optional)
-g, --git - Search in files changed since last git commit (optional)
-iec, --invertExitCode - Return non-zero exit code if matches are found. Useful for creating assertions (optional)
-v, --version - Print CLI version (optional)
-pfl, --printFilesList - Print list of searched files (optional)
-ogi, --omitGitIgnore - Search files regardless of .gitignore settings (optional)
-ae, --allExtensions - Search in all file extensions. Useful for text search mode. (optional)
Multiline code search for every language. Structural code search for JavaScript, TypeScript, HTML and CSS
The npm package @codeque/cli receives a total of 5 weekly downloads. As such, @codeque/cli popularity was classified as not popular.
We found that @codeque/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.