Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@formatjs/icu-messageformat-parser
Advanced tools
Hand-written ICU MessageFormat parser with compatible output as [`intl-messageformat-parser`](https://www.npmjs.com/package/intl-messageformat-parser) but 6 - 10 times as fast.
The @formatjs/icu-messageformat-parser package is a parser for ICU MessageFormat strings, which are used for internationalization and localization. It allows developers to parse complex message strings into an abstract syntax tree (AST) that can be manipulated or used to format messages based on different locales and pluralization rules.
Parsing ICU MessageFormat strings
This feature allows you to parse a simple ICU MessageFormat string and obtain an AST representation of it.
import { parse } from '@formatjs/icu-messageformat-parser';
const ast = parse('My name is {name}');
Handling pluralization and select cases
This feature enables parsing of strings with pluralization and select cases, which are essential for proper internationalization.
import { parse } from '@formatjs/icu-messageformat-parser';
const ast = parse('I have {numCats, plural, one {# cat} other {# cats}}');
Support for nested messages
The parser can handle nested messages within an ICU MessageFormat string, allowing for complex message structures.
import { parse } from '@formatjs/icu-messageformat-parser';
const ast = parse('{gender, select, male {He} female {She} other {They}} will respond shortly.');
Argument types parsing
It can parse argument types such as dates and times, which are commonly used in internationalized messages.
import { parse } from '@formatjs/icu-messageformat-parser';
const ast = parse('The event starts on {startDate, date, long}');
This package is a predecessor of @formatjs/icu-messageformat-parser and offers similar functionality for parsing ICU MessageFormat strings. However, @formatjs/icu-messageformat-parser is more up-to-date and maintained by the FormatJS team.
Messageformat is a more comprehensive library that not only parses ICU MessageFormat strings but also compiles them into functions that can be used for formatting messages. It provides a higher-level API compared to @formatjs/icu-messageformat-parser.
Intl-messageformat is another library from the FormatJS suite that builds on top of the parsing capabilities to provide a full message formatting solution. It uses the parser internally but exposes a higher-level API for formatting operations.
Hand-written ICU MessageFormat parser with compatible output as
intl-messageformat-parser
but 6 - 10 times as fast.
$ node benchmark
complex_msg AST length 10861
normal_msg AST length 1665
simple_msg AST length 364
string_msg AST length 131
== Baseline ==
complex_msg x 4,884 ops/sec ±0.97% (91 runs sampled)
normal_msg x 40,113 ops/sec ±1.08% (92 runs sampled)
simple_msg x 200,401 ops/sec ±1.12% (91 runs sampled)
string_msg x 241,103 ops/sec ±0.84% (92 runs sampled)
== This package ==
complex_msg x 31,590 ops/sec ±0.80% (88 runs sampled)
normal_msg x 278,703 ops/sec ±0.83% (95 runs sampled)
simple_msg x 2,038,061 ops/sec ±0.90% (96 runs sampled)
string_msg x 2,392,794 ops/sec ±0.67% (96 runs sampled)
FAQs
Hand-written ICU MessageFormat parser with compatible output as [`intl-messageformat-parser`](https://www.npmjs.com/package/intl-messageformat-parser) but 6 - 10 times as fast.
We found that @formatjs/icu-messageformat-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.