Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@lezer/common
Advanced tools
The @lezer/common package is part of the Lezer project, which provides a robust, performance-focused parsing system. This particular package includes common utilities and types that are used across different parts of the Lezer ecosystem. It's designed to support the creation and manipulation of syntax trees, offering tools for parsing, analyzing, and transforming text.
Syntax Tree Navigation
This feature allows for navigating through a syntax tree. The code sample demonstrates how to create a cursor from a syntax tree and iterate over its nodes, printing the name of each node's type. This is useful for analyzing or transforming the structure of parsed documents.
let cursor = tree.cursor();
while(cursor.next()) {
console.log(cursor.node.type.name);
}
Tree Fragment Reuse
Enables efficient parsing by reusing parts of an old syntax tree. The code shows how to apply changes to an array of tree fragments and then use these fragments to assist in parsing a new tree. This significantly improves performance when making incremental updates to a document.
let fragment = TreeFragment.applyChanges(fragments, changes);
let newTree = parser.parse({fragments: [fragment]});
Syntax Node Access
Facilitates direct access to specific nodes within a syntax tree based on position. The example code retrieves a node at a given position (5) and logs its name and the range it spans. This is particularly useful for pinpointing elements in a document for further inspection or modification.
let node = tree.resolve(5);
console.log(node.name, node.from, node.to);
Chevrotain is a fast and feature-rich parser building toolkit for JavaScript. Unlike @lezer/common, which is part of a specific parsing system, Chevrotain provides a more general toolkit for building parsers from scratch. It offers a higher level of customization but might require more setup for specific tasks.
Nearley is a simple, fast, and powerful parsing toolkit for JavaScript. It is designed to be flexible and easy to use, supporting a wide range of grammars. Compared to @lezer/common, Nearley focuses more on the grammar and less on the manipulation of syntax trees, making it a good choice for projects where grammar is a primary concern.
PEG.js is a parser generator for JavaScript based on the Parsing Expression Grammar (PEG) syntax. It generates parsers with a focus on performance and error reporting. While PEG.js emphasizes the generation of parsers from grammars, @lezer/common is part of a system that includes predefined parsers and utilities for working with syntax trees.
[ WEBSITE | ISSUES | FORUM | CHANGELOG ]
Lezer is an incremental parser system intended for use in an editor or similar system.
@lezer/common provides the syntax tree data structure and parser abstractions for Lezer parsers.
Its programming interface is documented on the website.
This code is licensed under an MIT license.
0.15.12 (2022-03-18)
Work around a TypeScript issue that caused it to infer return type any
for resolve
and resolveInner
.
Fix a bug in incremental mixed-language parsing where it could incorrectly add a parse range twice, causing a crash in the inner parser.
FAQs
Syntax tree data structure and parser interfaces for the lezer parser
The npm package @lezer/common receives a total of 1,286,217 weekly downloads. As such, @lezer/common popularity was classified as popular.
We found that @lezer/common demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.