@formatjs/icu-messageformat-parser
Hand-written ICU MessageFormat parser with compatible output as [`intl-messageformat-parser`](https://www.npmjs.com/package/intl-messageformat-parser) but 6 - 10 times as fast.
The @formatjs/icu-messageformat-parser package is a parser for ICU MessageFormat strings, which are used for internationalization and localization. It allows developers to parse complex message strings into an abstract syntax tree (AST) that can be manipulated or used to format messages based on different locales and pluralization rules.
Parsing ICU MessageFormat strings
This feature allows you to parse a simple ICU MessageFormat string and obtain an AST representation of it.
```js
import { parse } from '@formatjs/icu-messageformat-parser';

const ast = parse('My name is {name}');
```
Handling pluralization and select cases
This feature enables parsing of strings with pluralization and select cases, which are essential for proper internationalization.
```js
import { parse } from '@formatjs/icu-messageformat-parser';

const ast = parse('I have {numCats, plural, one {# cat} other {# cats}}');
```
Support for nested messages
The parser can handle nested messages within an ICU MessageFormat string, allowing for complex message structures.
```js
import { parse } from '@formatjs/icu-messageformat-parser';

const ast = parse('{gender, select, male {He} female {She} other {They}} will respond shortly.');
```
Argument types parsing
It can parse argument types such as dates and times, which are commonly used in internationalized messages.
```js
import { parse } from '@formatjs/icu-messageformat-parser';

const ast = parse('The event starts on {startDate, date, long}');
```
This package is a predecessor of @formatjs/icu-messageformat-parser and offers similar functionality for parsing ICU MessageFormat strings. However, @formatjs/icu-messageformat-parser is more up-to-date and maintained by the FormatJS team.
Messageformat is a more comprehensive library that not only parses ICU MessageFormat strings but also compiles them into functions that can be used for formatting messages. It provides a higher-level API compared to @formatjs/icu-messageformat-parser.
Intl-messageformat is another library from the FormatJS suite that builds on top of the parsing capabilities to provide a full message formatting solution. It uses the parser internally but exposes a higher-level API for formatting operations.
Hand-written ICU MessageFormat parser with compatible output as `intl-messageformat-parser` but 6 - 10 times as fast.

```
$ node benchmark
complex_msg AST length 10861
normal_msg AST length 1665
simple_msg AST length 364
string_msg AST length 131

== Baseline ==
complex_msg x 4,884 ops/sec ±0.97% (91 runs sampled)
normal_msg x 40,113 ops/sec ±1.08% (92 runs sampled)
simple_msg x 200,401 ops/sec ±1.12% (91 runs sampled)
string_msg x 241,103 ops/sec ±0.84% (92 runs sampled)

== This package ==
complex_msg x 31,590 ops/sec ±0.80% (88 runs sampled)
normal_msg x 278,703 ops/sec ±0.83% (95 runs sampled)
simple_msg x 2,038,061 ops/sec ±0.90% (96 runs sampled)
string_msg x 2,392,794 ops/sec ±0.67% (96 runs sampled)
```
FAQs
The npm package @formatjs/icu-messageformat-parser receives a total of 2,770,931 weekly downloads. As such, @formatjs/icu-messageformat-parser is classified as popular.
We found that @formatjs/icu-messageformat-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.