Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@codeque/cli
Advanced tools
Multiline code search for every language. Structural code search for JavaScript, TypeScript, HTML and CSS
Website • Docs • Roadmap • Mission • Playground
Streamline your workflow by finding and linting complex code patterns effortlessly.
CodeQue is semantic code search engine that understands the code syntax.
It matches code structurally which makes it excellent for more complex queries.
Query language offers wildcards, partial matching and ignores code formatting.
Structural code search is available for JavaScript, TypesScript, HTML, CSS and more soon.
Text code search with handy wildcards is available for every language and covers common regex search use cases.
Just paste code snippet to start searching, no installation needed!
Integrations
CodeQue is available as:
All CodeQue tools operate offline hence code never leaves your local environment.
Coming soon
CodeQue will be soon available as:
🔔 Get notified about updates 🔔
CodeQue CLI is a complementary tool that can be used for
yarn global add @codeque/cli
Run codeque
to start CLI query editor.
codeque
Type query and hit ctrl+s
to run your first search!
Find out how to use wildcards and discover search modes in codeque docs!
In first place it's code search, so you can use it to search any code (as long as it is TypeScript or JavaScript - more languages in future).
Here are some use cases where CodeQue shines ✨
Once you spot some code pattern in more than one place, you can just copy and search for it.
You will find all occurrences and you will be bale to get rid of repetition forever!
I love using CodeQue to look for specific function or React hook usage. It's faster than looking for API into docs.
This a typical query that you can use to find usage of some React hook.
const $$$ = useMyHook();
You can use CLI to ensure that some bad code patterns will not be introduced into the codebase.
It's not that handy as ESLint (an CodeQue ESLint plugin is commit soon!), but at least you will not waste time for implementing custom plugins!
Use this to ensure there are no skipped tests in the codebase:
codeque --query "$$.skip()" "$$.only()" --invertExitCode
Flag
--invertExitCode
will revert default behavior of exit codes, and return non zero exit code when matches would be found.
I use codeque with text
mode for my pre-commit hook.
text
mode is faster than other modes, because it's regexp based.
I want to ensure there will be no console.logs, todos, and skipped tests introduced in my commit.
.git/hooks/pre-commit
content
#!/bin/sh
codeque --git --query '$$.only(' '$$.skip(' 'console.log(' '// todo' --mode text --invertExitCode --caseInsensitive
if [ $? -ge 1 ] ; then
echo '🛑 Found restricted code. Terminating.'
exit 1
fi
codeque
Opens interactive terminal editor to type query and performs structural code search in current working directory. Alternatively performs search based on query provided as an param or query file.
codeque [options]
-m, --mode [mode]
- Search mode: exact, include, include-with-order, text (optional)-r, --root [root]
- Root directory for search (default: process.cwd()) (optional)-e, --entry [entry]
- Entry point to determine search files list based on it's imports (excluding nodeˍmodules) (optional)-i, --caseInsensitive
- Perform search with case insensitive mode (optional)-l, --limit [limit]
- Limit of results count to display (optional)-q, --query [query...]
- Inline search query(s) (optional)-qp, --queryPath [queryPath...]
- Path to file(s) with search query(s) (optional)-g, --git
- Search in files changed since last git commit (optional)-iec, --invertExitCode
- Return non-zero exit code if matches are found. Useful for creating assertions (optional)-v, --version
- Print CLI version (optional)-pfl, --printFilesList
- Print list of searched files (optional)-ogi, --omitGitIgnore
- Search files regardless .gitignore settings (optional)-ae, --allExtensions
- Search in all file extensions. Useful for text search mode. (optional)Feel free to use Github Issues to
FAQs
Multiline code search for every language. Structural code search for JavaScript, TypeScript, HTML and CSS
The npm package @codeque/cli receives a total of 5 weekly downloads. As such, @codeque/cli popularity was classified as not popular.
We found that @codeque/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.