Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@putout/compare
Advanced tools
Readme
Compare AST-nodes according to 🦎PutoutScript.
npm i @putout/compare
Get template values from node
according to 🦎PutouScript template
.
node
- AST-node
or code
that will be generated;template
- 🦎PutouScript;const {operator} = require('putout');
const {template} = operator;
const node = template.ast('const [] = a');
getTemplateValues(node, 'const __array = array');
// returns
({
__array: {
type: 'ArrayPattern',
},
});
node
- AST-node
or code
that will be generated;template
- AST-node
with support of template variables
.options
- (optional) - object with properties:
findUp
(default: true
) - find up template node;Compare nodes feats templates
.
Compare any nodes that feats one of templates
compareAny(path, 'const __a = __b', {
findUp: false,
});
Any node.
compare('const x = data', 'const __ = __');
compare('const {x} = data', 'const __ = __');
compare('const x = {data}', 'const __ = __');
compare('<h1>hello</h1>', '<h1>__</h1>');
// returns
true;
ObjectPattern
or ObjectExpression
with any count of properties
.
compare('const {} = data', 'const __object = __');
compare('const {hello} = data', 'const __object = __');
// returns
true;
ArrayPattern
or ArrayExpression
with any count of elements
.
compare('const [] = data', 'const __array = __');
compare('const [hello] = data', 'const __array = __');
compare('const hello = [data]', 'const __ = __array');
// returns
true;
Any count of arguments
:
compare('(a, b, c) => {}', '(__args) => {}');
compare('(a, b) => {}', '(__args) => {}');
compare('() => {}', '(__args) => {}');
// returns
true;
Or linked arguments
:
compare('((a) => fn(a))(value)', '((__args__a) => __c(__args__a))(__args__b)');
// returns
true;
compare('((a) => fn(42))(value)', '((__args__a) => __c(__args__a))(__args__b)');
// returns
false;
Any count of import specifiers
:
compare('import React, {Component} from "react"', 'import __imports from "react"');
// returns
true;
Any count of export specifiers
:
compare('export {scan, fix, report}', 'export {__exports}');
// returns
true;
Any string literal.
compare('const a = "hello"', 'const __ = "__"');
Linked node.
compare('const __a = "hello"', 'const __a = "hello"');
Linked string literal.
compare('const a = "hello"', 'const __a = "__b"');
__a
Linked template literal.
compare('const a = `hello`', 'const __a = `__b`');
// returns
true;
Any BlockStatement
.
compare('const a = () => 0', 'const a = () => __body');
// returns
false;
compare('const a = () => {}', 'const a = () => __body');
// returns
true;
Any count of children of JSXElement
:
compare('<div hello="world"></div>', '<div hello="world">__jsx_children</div>');
// returns
true;
compare('<div hello="world"><span>hi</span></div>', '<div hello="world">__jsx_children</div>');
// returns
true;
Any count of attributes of JSXElement
:
compare('<div hello="world"></div>', '<__a __jsx_attributes/>');
// returns
true;
Any Function
with no arguments
and empty body;
compare('const a = () => {}', 'const __a = __nop');
// returns
true;
compare('const a = async () => {}', 'const a = __nop');
// returns
true;
Any Identifier
compare('const a = 5', 'const __identifier = 5');
// returns
true;
Any Boolean
compare('const a = true', 'const a = __bool');
// returns
true;
Any regexp
compare('const a = /hello/g', 'const a = /__a/');
// returns
true;
MIT
FAQs
compare AST-nodes according to 🦎 PutoutScript
We found that @putout/compare demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.