![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@lezer/lr
Advanced tools
Package description
@lezer/lr is a library for building efficient parsers in JavaScript. It is part of the Lezer parser system, which is designed to be fast, flexible, and easy to use. The library provides tools to define grammars, build parsers, and work with syntax trees.
Defining a Grammar
This feature allows you to define a grammar for your language. The code sample demonstrates how to define a simple grammar for a language that supports print statements with string literals.
const {parser} = require('@lezer/lr');
const {buildParser} = require('@lezer/generator');
const grammar = `
@top Program { statement* }
statement { "print" String }
String { "\"" (!"\"")* "\"" }
`;
const myParser = buildParser(grammar);
console.log(myParser.parse('print "Hello, World!"'));
Parsing Input
This feature allows you to parse input strings according to the defined grammar. The code sample shows how to parse a simple print statement and output the resulting syntax tree.
const {parser} = require('@lezer/lr');
const {buildParser} = require('@lezer/generator');
const grammar = `
@top Program { statement* }
statement { "print" String }
String { "\"" (!"\"")* "\"" }
`;
const myParser = buildParser(grammar);
const tree = myParser.parse('print "Hello, World!"');
console.log(tree);
Working with Syntax Trees
This feature allows you to work with and traverse syntax trees generated by the parser. The code sample demonstrates how to recursively print the structure of a syntax tree.
const {parser} = require('@lezer/lr');
const {buildParser} = require('@lezer/generator');
const grammar = `
@top Program { statement* }
statement { "print" String }
String { "\"" (!"\"")* "\"" }
`;
const myParser = buildParser(grammar);
const tree = myParser.parse('print "Hello, World!"');
function printTree(node, indent = 0) {
console.log(' '.repeat(indent) + node.type.name);
for (let child of node.children) {
printTree(child, indent + 2);
}
}
printTree(tree.topNode);
Nearley is a fast, feature-rich parser toolkit for JavaScript. It allows you to define grammars in a flexible way and can handle complex parsing tasks. Compared to @lezer/lr, Nearley is more feature-rich but may be less performant for certain tasks.
PEG.js is a simple parser generator for JavaScript based on parsing expression grammars (PEGs). It is easy to use and integrates well with JavaScript projects. Compared to @lezer/lr, PEG.js is simpler but may not offer the same level of performance and flexibility.
ANTLR (Another Tool for Language Recognition) is a powerful parser generator for reading, processing, executing, or translating structured text or binary files. It is widely used and supports multiple languages. Compared to @lezer/lr, ANTLR4 is more powerful and versatile but has a steeper learning curve.
Changelog
0.16.3 (2022-05-11)
Don't crash when a non-Node environment defines a process
global that doesn't have an env
property.
Fix a bug that could cause partially-parsed nodes to be reused when they ended in skipped nodes, when parsing incrementally.
Readme
[ WEBSITE | ISSUES | FORUM | CHANGELOG ]
Lezer ("reader" in Dutch, pronounced pretty much as laser) is an incremental GLR parser intended for use in an editor or similar system, which needs to keep a representation of the program current during changes and in the face of syntax errors.
It prioritizes speed and compactness (both of parser table files and of syntax tree) over having a highly usable parse tree—trees nodes are just blobs with a start, end, tag, and set of child nodes, with no further labeling of child nodes or extra metadata.
This package contains the run-time LR parser library. It consumes parsers generated by @lezer/generator.
The parser programming interface is documented on the website.
The code is licensed under an MIT license.
This project was hugely inspired by tree-sitter.
FAQs
Unknown package
We found that @lezer/lr demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.