@glideapps/ts-helper
This is a simple TypeScript tool we use at Glide for two purposes so far:
import/no-cycle rule for this, but on our project it's both very slow and sometimes doesn't find existing cycles.
We've only implemented as much as we needed to make this work on our codebase, so there might be cases it doesn't support, or on which it crashes. If you run into such a case, please consider sending us a PR, or at least report the issue with a reproduction.
A few of the things that are missing, in particular:
exclude in the project configuration.
import (and export), not require.
type X = import("foo").Bar as regular "strong" imports.
-p|--project TS-PROJECT
Adds a project. TS-PROJECT can be either a directory with a tsconfig.json file in it, or the path to a TypeScript config file. ts-helper will add project references recursively, but you can add more than one root project if you need to.
-r|--root SOURCE-FILE
Adds a root TypeScript source file. This file must be in one of the specified projects. You can add more than one.
-c|--detect-cycles
Runs cycle detection on all the source files reachable from the roots. If it detects a cycle it will print one of the cycles it found and exit with an error status.
Note that it only considers "strong" imports for cycle detection, vs type imports and lazy imports.
-o|--output FILENAME
Outputs a JSON file with the dependency graph.
-v|--verbose
Print messages when it's reading and processing projects.
In our main repository for Glide we have two TypeScript projects - one for the frontend and one for the backend. The frontend one has one root source file and the backend has two - one for the actual backend and one for a CLI. Here's how we run ts-helper to detect cycles in that codebase:
npx "@glideapps/ts-helper" \
-p ~/Work/glide/functions \
-r ~/Work/glide/functions/src/cli.ts \
-r ~/Work/glide/functions/src/index.ts \
-p ~/Work/glide/app \
-r ~/Work/glide/app/src/index.tsx \
-c
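The -c behaviour described above (walk from the roots, follow only "strong" imports, report one cycle), sketched as an added example rather than ts-helper's own code. The graph shape, the `ImportKind` labels and the file names are assumptions.

```typescript
// Added example. The edge kinds and graph shape are assumptions for
// illustration, not the JSON format that ts-helper writes with -o.
type ImportKind = "strong" | "type" | "lazy";
interface ImportEdge { to: string; kind: ImportKind }
type DepGraph = Record<string, ImportEdge[]>;

// Returns one cycle as [a, b, ..., a], or null when no cycle of strong
// imports is reachable from the given roots.
function findStrongCycle(graph: DepGraph, roots: string[]): string[] | null {
  // 1 = on the current DFS path, 2 = fully explored, absent = unvisited
  const state: Record<string, number> = Object.create(null);
  const path: string[] = [];

  function visit(file: string): string[] | null {
    state[file] = 1;
    path.push(file);
    for (const edge of graph[file] || []) {
      if (edge.kind !== "strong") continue; // type and lazy imports are not followed
      if (state[edge.to] === 1) {
        // Back edge: close the loop from the first occurrence of edge.to.
        return path.slice(path.indexOf(edge.to)).concat(edge.to);
      }
      if (state[edge.to] === undefined) {
        const found = visit(edge.to);
        if (found) return found;
      }
    }
    path.pop();
    state[file] = 2;
    return null;
  }

  for (const root of roots) {
    if (state[root] !== undefined) continue;
    const found = visit(root);
    if (found) return found;
  }
  return null;
}

// Constructed sample graph (file names are made up).
const sampleGraph: DepGraph = {
  "src/index.ts": [{ to: "src/db.ts", kind: "strong" }, { to: "src/types.ts", kind: "type" }],
  "src/db.ts": [{ to: "src/model.ts", kind: "strong" }],
  "src/model.ts": [{ to: "src/db.ts", kind: "strong" }, { to: "src/index.ts", kind: "lazy" }],
  "src/types.ts": [{ to: "src/index.ts", kind: "type" }],
  "src/unused-a.ts": [{ to: "src/unused-b.ts", kind: "strong" }],
  "src/unused-b.ts": [{ to: "src/unused-a.ts", kind: "strong" }],
};
```

Files that no root reaches are never visited, so the cycle between the two unused files is reported only when one of them is passed as a root.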
FAQs
Analyze TypeScript projects
The npm package @glideapps/ts-helper receives a total of 5,881 weekly downloads. As such, @glideapps/ts-helper popularity was classified as popular.
We found that @glideapps/ts-helper demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.