Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@lingui/codemods
Advanced tools
Lingui Codemodsjs
This repository contains a collection of codemod scripts for use with JSCodeshift that help update Lingui APIs.
Usage
npx @lingui/codemods <transform> <path> [...options]
transform- name of transform, see available transforms below.path- files or directory to transform- use the
--dryoption for a dry-run - use
--printto print the output for comparison - use
--remove-unused-importsto remove unused imports once finished the codemod
This will start an interactive wizard, and then run the specified transform.
Included Transforms
v2-to-v3
Converts some outdated standards from lingui version 2.x.x to new features and best practices introduced in lingui version 3.x.x
npx @lingui/codemods v2-to-v3 <path>
jscodeshift options
To pass more options directly to jscodeshift, use --jscodeshift="...". For example:
npx @lingui/codemods --jscodeshift="--run-in-band --verbose=2"
See all available options here.
Recast Options
Options to recast's printer can be provided
through jscodeshift's printOptions command line argument
npx @lingui/codemods <transform> <path> --jscodeshift="--printOptions='{\"quote\":\"double\"}'"
Usage without params
A CLI is built-in to help you migrate your codebase, will ask you some questions:
➜ project git:(master) npx @lingui/codemods
? On which files or directory should the codemods be applied? for ex: ./src
? Which dialect of JavaScript do you use? for ex: JavaScript | Typescript | JavaScript with Flow
? Which transform would you like to apply? for ex: `v2-to-v3`
License
@lingui/codemods is MIT licensed.
Keywords
FAQs
@lingui codemod scripts
The npm package @lingui/codemods receives a total of 49 weekly downloads. As such, @lingui/codemods popularity was classified as not popular.
We found that @lingui/codemods demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 26 Oct 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025