Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@parcel/babylon-walk
Advanced tools
Lightweight AST traversal tools for Babylon ASTs.
Babylon is the parser used by the Babel project, which supplies the wonderful babel-traverse module for walking Babylon ASTs. Problem is, babel-traverse is very heavyweight, as it is designed to supply utilities to make all sorts of AST transformations possible. For simple AST walking without transformation, babel-traverse brings a lot of overhead.
This module loosely implements the API of Acorn parser's walk module, which is a lightweight AST walker for the ESTree AST format.
In my tests, babylon-walk's ancestor walker (the most complex walker provided by this module) is about 8 times faster than babel-traverse, if the visitors are cached and the same AST is used for all runs. It is about 16 times faster if a fresh AST is used every run.
$ npm install babylon-walk
var walk = require('babylon-walk');
Do a simple walk over the AST. node
should be the AST node to walk, and visitors
an object containing Babel visitors. Each visitor function will be called as (node, state)
, where node
is the AST node, and state
is the same state
passed to walk.simple
.
When walk.simple
is called with a fresh set of visitors, it will first "explode" the visitors (e.g. expanding Visitor(node, state) {}
to Visitor() { enter(node, state) {} }
). This exploding process can take some time, so it is recommended to cache your visitors and communicate state leveraging the state
parameter. (One difference between the linked article and babylon-walk is that the state is only accessible through the state
variable, never as this
.)
All babel-types aliases (e.g. Expression
) and the union syntax (e.g. 'Identifier|AssignmentPattern'(node, state) {}
) work.
Do a simple walk over the AST, but memoizing the ancestors of the node and making them available to the visitors. node
should be the AST node to walk, and visitors
an object containing Babel visitors. Each visitor function will be called as (node, state, ancestors)
, where node
is the AST node, state
is the same state
passed to walk.ancestor
, and ancestors
is an array of ancestors to the node (with the outermost node being [0]
and the current node being [ancestors.length - 1]
). If state
is not specified in the call to walk.ancestor
, the state
parameter will be set to ancestors
.
When walk.ancestor
is called with a fresh set of visitors, it will first "explode" the visitors (e.g. expanding Visitor(node, state) {}
to Visitor() { enter(node, state) {} }
). This exploding process can take some time, so it is recommended to cache your visitors and communicate state leveraging the state
parameter. (One difference between the linked article and babylon-walk is that the state is only accessible through the state
variable, never as this
.)
All babel-types aliases (e.g. Expression
) and the union syntax (e.g. 'Identifier|AssignmentPattern'(node, state) {}
) work.
Do a recursive walk over the AST, where the visitors are responsible for continuing the walk on the child nodes of their target node. node
should be the AST node to walk, and visitors
an object containing Babel visitors. Each visitor function will be called as (node, state, c)
, where node
is the AST node, state
is the same state
passed to walk.recursive
, and c
is a function that takes a single node as argument and continues walking that node. If no visitor for a node is provided, the default walker algorithm will still be used.
When walk.recursive
is called with a fresh set of visitors, it will first "explode" the visitors (e.g. expanding Visitor(node, state) {}
to Visitor() { enter(node, state) {} }
). This exploding process can take some time, so it is recommended to cache your visitors and communicate state leveraging the state
parameter. (One difference between the linked article and babylon-walk is that the state is only accessible through the state
variable, never as this
.)
Unlike other babylon-walk walkers, walk.recursive
does not call the exit
visitor, only the enter
(the default) visitor, of a specific node type.
All babel-types aliases (e.g. Expression
) and the union syntax (e.g. 'Identifier|AssignmentPattern'(node, state) {}
) work.
In the following example, we are trying to count the number of functions in the outermost scope. This means, that we can simply walk all the statements and increment a counter if it is a function declaration or expression, and then stop walking. Note that we do not specify a visitor for the Program
node, and the default algorithm for walking Program
nodes is used (which is what we want). Also of note is how I bring the visitors
object outside of countFunctions
so that the object can be cached to improve performance.
import * as t from 'babel-types';
import {parse} from 'babylon';
import * as walk from 'babylon-walk';
const visitors = {
Statement(node, state, c) {
if (t.isVariableDeclaration(node)) {
for (let declarator of node.declarations) {
// Continue walking the declarator
c(declarator);
}
} else if (t.isFunctionDeclaration(node)) {
state.counter++;
}
},
VariableDeclarator(node, state) {
if (t.isFunction(node.init)) {
state.counter++;
}
},
};
function countFunctions(node) {
const state = {
counter: 0,
};
walk.recursive(node, visitors, state);
return state.counter;
}
const ast = parse(`
// Counts
var a = () => {};
// Counts
function b() {
// Doesn't count
function c() {
}
}
// Counts
const c = function d() {};
`);
countFunctions(ast);
// = 3
Visitors get called as (path, state)
. Every Path
has these methods (similar to @babel/traverse
):
skip()
replaceWith(node)
remove()
For those of you migrating from Acorn to Babylon, there are a few things to be aware of.
The visitor caching suggestions do not apply to Acorn's walk module, but do for babylon-walk.
babylon-walk does not provide any of the other functions Acorn's walk module provides (e.g. make
, findNode*
).
babylon-walk does not use a base
variable. The walker algorithm is the same as what babel-traverse uses.
property
property of a non-computed MemberExpression
, are walked by babylon-walk.MIT
[2.1.0] - 2022-01-05
@parcel/optimizer-css
for new work in progress CSS minifier - Details@parcel/bundler-experimental
, a much faster work in progress rewrite of Parcel's bundling algorithm - Detailshref
attribute in SVG <image>
tags within HTML - Details@parcel/transformer-typescript-tsc
- Details@parcel/transformers-typescript-types
- DetailscreateImportSpecifier
with TypeScript 4.5+ - Details"sideEffects"
field - Detailssemver
dependency version range - DetailsError
object - Detailslmdb-store
to v2 - Details@parcel/hash
browser polyfill - DetailsBundleGraph#getReferencedBundle
faster - DetailsFAQs
Lightweight Babylon AST traversal
The npm package @parcel/babylon-walk receives a total of 876 weekly downloads. As such, @parcel/babylon-walk popularity was classified as not popular.
We found that @parcel/babylon-walk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.