Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@jsverse/transloco-keys-manager
Advanced tools
Extract translatable keys from projects that uses Transloco
[!IMPORTANT]
The Transloco packages are now published under the @jsverse scope, update your dependencies to get the latest features 🚀
🦄 The Key to a Better Translation Experience
Translation is a tiresome and repetitive task. Each time we add new text, we need to create a new entry in the translation file, find the correct placement for it, etc. Moreover, when we delete existing keys, we need to remember to remove them from each translation file.
To make the process less burdensome, we've created two tools for the Transloco library, which will do the monotonous work for you.
Assuming you've already added Transloco to your project, run the following schematics command:
ng g @jsverse/transloco:keys-manager
At this point, you'll have to choose whether you want to use the CLI, Webpack Plugin, or both. The project will be updated according to your choice.
Note: if you're going to use the Webpack plugin, and you've already defined other Webpack plugins in your project, you should manually add the Keys Manager plugin to the list, rather than using the schematics command.
Install the Transloco keys manager package via yarn
or npm
by running:
npm i -D @jsverse/transloco-keys-manager
yarn add -D @jsverse/transloco-keys-manager
Add the following scripts to your package.json
file:
{
"i18n:extract": "transloco-keys-manager extract",
"i18n:find": "transloco-keys-manager find"
}
The following functionality is available once the installation is complete:
This tool extracts translatable keys from templates and typescript files. Transloco Keys Manager provides two ways of using it:
If you chose the CLI option, you should see the following script in your project's package.json
file:
{
"i18n:extract": "transloco-keys-manager extract"
}
Run npm run i18n:extract
, and it'll extract translatable keys from your project.
The TranslocoExtractKeysWebpackPlugin
provides you with the ability to extract the keys during development, while you're working on the project.
The angular-cli doesn't support adding a custom Webpack config out of the box.
In case you already have support for a custom Webpack config just add the TranslocoExtractKeysWebpackPlugin
in your plugin list.
In case you need to add the support, you can use the keys manager schematics command, and it will do the work for you. (choose the Webpack Plugin option)
You should see a new file named webpack-dev.config.js
configured with TranslocoExtractKeysWebpackPlugin
:
// webpack-dev.config.js
import { TranslocoExtractKeysWebpackPlugin } from '@jsverse/transloco-keys-manager';
export default {
plugins: [
new TranslocoExtractKeysWebpackPlugin(config?),
]
};
Also, you should see an updated definition of the npm start
command:
{
"start": "ng serve --extra-webpack-config webpack-dev.config.js"
}
Now run npm start
and it'll generate new keys whenever a save is made to the project.
The extractor supports scopes out of the box. When you define a new scope in the providers
array:
import { TRANSLOCO_SCOPE, provideTranslocoScope } from '@jsverse/transloco';
@Component({
templateUrl: './admin-page.component.html',
providers: [
{ provide: TRANSLOCO_SCOPE, useValue: 'admin' },
provideTranslocoScope('todo'),
provideTranslocoScope(['another', {scope: 'reallyLong', alias: 'rl'}]),
]
})
export class AdminPageComponent {}
<ng-container *transloco="let t">{{ t('admin.title') }}</ng-container>
It'll extract the scope (admin
in our case) keys into the relevant folder:
📦 assets
┗ 📂 i18n
┃ ┣ 📂 admin
┃ ┃ ┣ 📜 en.json
┃ ┃ ┗ 📜 es.json
┃ ┣ 📜 en.json
┃ ┗ 📜 es.json
Let's say that we're using the following inline loader:
export const loader = ['en', 'es'].reduce((acc, lang) => {
acc[lang] = () => import(`../i18n/${lang}.json`);
return acc;
}, {});
@NgModule({
imports: [TranslocoModule],
providers: [
{
provide: TRANSLOCO_SCOPE,
useValue: {
scope: 'scopeName',
loader
}
}
],
declarations: [YourComponent],
exports: [YourComponent]
})
export class FeatureModule {}
We can add it to the scopePathMap
key in the transloco.config.js
file:
module.exports = {
langs: ['en', 'es'],
scopePathMap: {
scopeName: 'src/app/feature/i18n'
}
};
Now, it'll create the files in the provided folder.
There are times when we need to extract keys with values that may change during runtime. One example can be when you need to use a dynamic expression:
import { TranslocoService } from '@jsverse`/transloco';
class MyComponent {
someMethod() {
const value = translocoService.translate(`key.${type}.postfix`);
}
}
To support such cases, you can add a special comment to your code, which tells the CLI to extract it. It can be added to Typescript files:
import { TranslocoService } from '@jsverse/transloco';
class MyComponent {
/**
* t(key.typeOne.postfix, key.typeTwo.postfix)
* t(this.will.be.extracted)
*/
someMethod() {
const value = translocoService.translate(`key.${type}.postfix`);
}
}
Or to templates:
<!-- t(I.am.going.to.extract.it, this.is.cool) -->
<ng-container *transloco="let t">...</ng-container>
When using comments in the templates they will also inherit the prefix
input value (if exists), and will be prefixed with it:
<!-- t(this.is.cool) -->
<ng-container *transloco="let m; prefix: 'messages'">
...
<!-- t(success, error) -->
<ng-container *transloco="let g; prefix: 'general'">
...
<!-- t(ok, cancel) -->
</ng-container>
</ng-container>
The extracted keys for the code above will be:
{
"this.is.cool": "",
"messages.success": "",
"messages.error": "",
"general.ok": "",
"general.cancel": ""
}
Notes:
@jsverse/transloco
present somewhere in the file, if it's an import or
simply adding a comment // @jsverse/transloco
.<!-- For dropdown t(dynamic.1, dynamic.2) -->
If you want to extract some standalone strings that are not part of any translation call (via the template or service) you can wrap them with the marker function to tell the keys manager to extract them:
import { marker } from '@jsverse/transloco-keys-manager';
class MyClass {
static titles = {
username: marker('auth.username'), // ==> 'auth.username'
password: marker('auth.password') // ==> 'auth.password'
};
...
}
The marker function will return the string which was passed to it. You can alias the marker function if needed:
import { marker as _ } from '@jsverse/transloco-keys-manager';
class MyClass {
static titles = {
username: _('auth.username'),
password: _('auth.password')
};
...
}
prefix
input:<ng-container *transloco="let t; prefix: 'dashboard'">
<h1>{{ t('title') }}</h1>
<p>{{ t('desc') }}</p>
</ng-container>
The extracted keys for the code above will be:
{
"dashboard.title": "",
"dashboard.desc": ""
}
<!-- Supported by the transloco pipe and structural directive -->
<comp [placeholder]="condition ? 'keyOne' : 'keyTwo' | transloco"></comp>
<h1>{{ condition ? 'keyOne' : 'keyTwo' | transloco }}</h1>
<comp *transloco="let t; prefix: 'ternary'">
<h1>{{ t(condition ? 'keyOne' : 'keyTwo') }}</h1>
</comp>
<comp *transloco="let t;">
<h1>{{ t('key', {value: '123', another: property}) }}</h1>
<p>{{ 'description' | transloco:{'param': 123} }}</p>
<footer transloco="footer" [translocoParams]="{param: 123}"></footer>
</comp>
import {translate} from '@jsverse/transloco';
translate('key', {param: 123});
class MyComponent {
someMethod() {
const value = translocoService.translate(`key`, {param: 123});
const value$ = translocoService.selectTranslate(`key`, {param: 123});
// Only literal params are supported, the following won't be extracted:
translocoService.translate(`key`, this.myParams);
}
}
This tool detects two things: First, it detects any key that exists in one of your translation files but is missing in any of the others. Secondly, it detects any key that exists in the translation files but is missing from any of the templates or typescript files.
After installing the library, you should see the following script in your project's package.json
file:
{
"i18n:find": "transloco-keys-manager find"
}
Run npm run i18n:find
, and you'll get a lovely list that summarizes the keys found.
config
: The root search directory for the transloco config file: (default is process.cwd()
)transloco-keys-manager extract --config src/my/path
transloco-keys-manager extract -c src/my/path
project
*: The targeted project (default is defaultProject
). The sourceRoot
of this project will be extracted
from the angular.json
file and will prefix the default input
, output
, and translationPath
properties, So
when overriding these options make sure you provide the full path.
In addition, the transloco config file will be searched in the project's sourceRoot
(unless the config
option is passed):transloco-keys-manager extract --project first-app
Note: If no angular.json
file is present, sourceRoot
will be src
.
translationsPath
: The path for the root directory of the translation files (default is ${sourceRoot}/assets/i18n
)transloco-keys-manager find --translations-path src/assets/my/path
transloco-keys-manager find -p src/assets/my/path
input
: The source directory for all files using the translation keys: (default is [${sourceRoot}/app']
)transloco-keys-manager extract --input src/my/path
transloco-keys-manager extract --input src/my/path,project/another/path
transloco-keys-manager extract -i src/my/path
Note: If a project
is provided the default input value will be determined by the projectType
, when given a library the default input value will be ['${sourceRoot}/lib']
.
output
: The target directory for all generated translation files: (default is ${sourceRoot}/assets/i18n
)transloco-keys-manager extract --output my/path
transloco-keys-manager extract -o my/path
fileFormat
: The translation file format 'json' | 'pot'
: (default is json
)transloco-keys-manager extract --file-format pot
transloco-keys-manager extract -f pot
langs
: The languages files to generate: (default is [en]
)transloco-keys-manager extract --langs en es it
transloco-keys-manager extract -l en es it
marker
: The marker sign for dynamic values: (default is t
)transloco-keys-manager extract --marker _
transloco-keys-manager extract -m _
sort
: Whether to sort the keys using JS sort()
method: (default is false
)transloco-keys-manager extract --sort
unflat
: Whether to unflat
instead of flat
: (default is flat
)transloco-keys-manager extract --unflat
transloco-keys-manager extract -u
If you are using unflat files keep in mind that “parent” keys won't be usable for a separate translation value, i.e. if you have two keys first
and first.second
you cannot assign a value to first
as the translation file will look like { "first": { "second": "…" } }
.
During key extraction you will get a warning with a list of concerned keys you have to check for.
defaultValue
: The default value of a generated key: (default is Missing value for {{key}}
)transloco-keys-manager extract --default-value missingValue
transloco-keys-manager extract -d "{{key}} translation is missing"
There are several placeholders that are replaced during extraction:
{{key}}
- complete key including the scope.{{keyWithoutScope}}
- key value without the scope.{{scope}}
- the key's scope.{{params}}
- the params used for this key.replace
: Replace the contents of a translation file (if it exists) with the generated one (default value is false
, in which case files are merged)transloco-keys-manager extract --replace
transloco-keys-manager extract -r
removeExtraKeys
: Remove extra keys from existing translation files (defaults to false
)transloco-keys-manager extract --remove-extra-keys
transloco-keys-manager extract -R
addMissingKeys
: Add missing keys that were found by the detective (default is false
)transloco-keys-manager find --add-missing-keys
transloco-keys-manager find -a
emitErrorOnExtraKeys
: Emit an error and exit the process if extra keys were found (default is false
)transloco-keys-manager find --emit-error-on-extra-keys
transloco-keys-manager find -e
help
:transloco-keys-manager --help
transloco-keys-manager -h
If you installed transloco via the schematics, a transloco.config.ts
should have been created.
Otherwise, you can just create a transloco.config.ts
in the project's root folder and add the configuration in it:
import {TranslocoGlobalConfig} from "@jsverse/transloco-utils";
const config: TranslocoGlobalConfig = {
rootTranslationsPath?: string;
langs?: string[];
keysManager: {
input?: string | string[];
output?: string;
fileFormat?: 'json' | 'pot';
marker?: string;
addMissingKeys?: boolean;
emitErrorOnExtraKeys?: boolean;
replace?: boolean;
defaultValue?: string | undefined;
unflat?: boolean;
}
};
export default config;
You can extend the keys manager default logs by setting the DEBUG
environment variable:
{
"i18n:extract": "DEBUG=tkm:config,tkm:paths transloco-keys-manager extract",
"i18n:find": "DEBUG=* transloco-keys-manager find"
}
Supported namespaces: tkm:*|config|paths|scopes|extraction
, setting tkm:*
will print all the debugger logs.
Thank goes to all these wonderful people who contributed ❤️
FAQs
Extract translatable keys from projects that uses Transloco
The npm package @jsverse/transloco-keys-manager receives a total of 11,166 weekly downloads. As such, @jsverse/transloco-keys-manager popularity was classified as popular.
We found that @jsverse/transloco-keys-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.