Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@masterportal/mpconfigparser
Advanced tools
Readme
Switch to the German version.
This is a package offering the tools and definitions needed to parse a Masterportal config.json.md
file. It returns a graph structure describing the options for a config.json
file, and a log of warnings indicating structural errors within the config.json.md
itself.
The Masterportal Admintool uses the returned graph to generate forms. The Masterportal uses the warning log to validate its config.json.md
file and to check whether German and English documentation are structurally identical.
# CLI tool usage
node ./node_modules/mpconfigparser/cli.js ./doc/config.json.md ./doc/config.json.de.md
In the following, the config.json.md
's structure is described.
When ‘config’ is used, it referes to the entire ‘config.json’.
The notation ε, ε2, ... denotes a dot-separated list of title fragments, e.g. "Portalconfig.menu.tools".
This structure describes a circle-free graph, where nodes are chapters. Edges are
The pattern [a]: # (ε)
is used, where a describes the type of relation, and ε the referenced path. This structure is not visible in Markdown viewers and intentionally misappropriated here.
Direct references are modeled by ε using type x with ε.x existing.
After a title and empty line, the line [type:x]: # (ε)
indicates a cross-reference. This defines that, within this chapter, the object "x" is to be structured as described in ε. The same chapter must not contain two definitions [type:x]
and [type:y]
with x.toLowerCase() === y.toLowerCase()
.
After a title and empty line, the line [inherits]: # (ε)
indicates inheritance. All lines of ε are used as basis, and the new definition is copied over it.
Furthermore, the inheriting chapter may be used instead of the chapter inherited from. E.g., when A inherits from B, and C type B for an entry, then B may be used in C instead of A. This also holds transitively.
Abstract chapters can implicitly be declared by never being used as type. E.g., when A inherits from B, but B is never used as a type, B is effectively abstract. This technique can be used to pull common property sets.
Tables describe object structures. Starting from chapter depth h2, all tables are interpreted. Tables have the columns as described in the following order. The column "Expert" is currently optional - when not present, it's assumed that no table rows belong to the expert mode; that is, false
is assumed as its value.
Name | Required | Type | Default | Description | Expert |
---|---|---|---|---|---|
Arbitrary string allowed as object key. The name is used as label after transformation from camelCase to Title Case. | "yes" or "no" are allowed. If "yes" the user must supply a truthy value. | see below | Default value for this entry. Must be readable with JSON.parse and match the type. | Arbitrary description shown on the generated form's input element. Should the text contain "@deprecated", this is shown as a hint, and the field is set read-only. | true or false; if true, the element is only shown in expert mode. |
The field type expects a text matching the following pattern. The user will be offered input elements matching the type.
Number
Boolean
String
Integer
(whole numbers)Float
(synonym to Number
)Coordinate
(chosen by map)Extent
(chosen by map)LayerId
(chosen by dropdown)RestId
(chosen by dropdown)StyleId
(chosen by dropdown)enum[1,2,3]
For any string x not matching by the preceding rules it is assumed that a named object is meant.
Any preceding type may be suffixed with [] to allow setting an arbitrary amount of the specified type.
If multiple types are allowed for a field, they may be separated by a "/". In that case, the user is presented radio buttons to choose the desired type.
FAQs
parses the config.json.md to a tree structure; also usable as validator
We found that @masterportal/mpconfigparser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.