🚀 Big News:Socket Has Acquired Secure Annex.Learn More →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@es-joy/estraverse

Package Overview
Dependencies
Maintainers
2
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@es-joy/estraverse

ECMAScript JS AST traversal functions

latest
Source
npmnpm
Version
7.1.1
Version published
Weekly downloads
69
-61.02%
Maintainers
2
Weekly downloads
 
Created
Source

Estraverse Build Status

@es-joy/estraverse (estraverse) is a fork of estraverse.

ECMAScript traversal functions from esmangle project.

Documentation

You can find usage docs at wiki page.

Example Usage

The following code will output all variables declared at the root of a file.

estraverse.traverse(ast, {
    enter (node, parent) {
        if (node.type == 'FunctionExpression' || node.type == 'FunctionDeclaration')
            return estraverse.VisitorOption.Skip;
    },
    leave (node, parent) {
        if (node.type == 'VariableDeclarator')
          console.log(node.id.name);
    }
});

We can use this.skip, this.remove and this.break functions instead of using Skip, Remove and Break.

estraverse.traverse(ast, {
    enter (node) {
        this.break();
    }
});

And estraverse provides estraverse.replace function. When returning node from enter/leave, current node is replaced with it.

const result = estraverse.replace(tree, {
    enter (node) {
        // Replace it with replaced.
        if (node.type === 'Literal')
            return replaced;
    }
});

By passing visitor.keys mapping, we can extend estraverse traversing functionality.

// This tree contains a user-defined `TestExpression` node.
const tree = {
    type: 'TestExpression',

    // This 'argument' is the property containing the other **node**.
    argument: {
        type: 'Literal',
        value: 20
    },

    // This 'extended' is the property not containing the other **node**.
    extended: true
};
estraverse.traverse(tree, {
    enter (node) { },

    // Extending the existing traversing rules.
    keys: {
        // TargetNodeName: [ 'keys', 'containing', 'the', 'other', '**node**' ]
        TestExpression: ['argument']
    }
});

By passing visitor.fallback option, we can control the behavior when encountering unknown nodes.

// This tree contains a user-defined `TestExpression` node.
const tree = {
    type: 'TestExpression',

    // This 'argument' is the property containing the other **node**.
    argument: {
        type: 'Literal',
        value: 20
    },

    // This 'extended' is the property not containing the other **node**.
    extended: true
};
estraverse.traverse(tree, {
    enter (node) { },

    // Iterating the child **nodes** of unknown nodes.
    fallback: 'iteration'
});

When visitor.fallback is a function, we can determine which keys to visit on each node.

// This tree contains a user-defined `TestExpression` node.
const tree = {
    type: 'TestExpression',

    // This 'argument' is the property containing the other **node**.
    argument: {
        type: 'Literal',
        value: 20
    },

    // This 'extended' is the property not containing the other **node**.
    extended: true
};
estraverse.traverse(tree, {
    enter (node) { },

    // Skip the `argument` property of each node
    fallback(node) {
        return Object.keys(node).filter((key) => {
            return key !== 'argument';
        });
    }
});

License

Copyright (C) 2012-2016 Yusuke Suzuki (twitter: @Constellation) and other contributors.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Keywords

traversal

FAQs

Package last updated on 26 Sep 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Has Acquired Secure Annex

Company News

Socket Has Acquired Secure Annex

Socket has acquired Secure Annex to expand extension security across browsers, IDEs, and AI tools.

By Feross Aboukhadijeh  -  Apr 28, 2026
73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations

Research

/

Security News

73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations

Socket is tracking cloned Open VSX extensions tied to GlassWorm, with several updated from benign-looking sleepers into malware delivery vehicles.

By Socket Research Team  -  Apr 25, 2026
Introducing Reachability for PHP

Product

Introducing Reachability for PHP

Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.

By Benjamin Barslev  -  Apr 24, 2026