Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@putout/printer
Advanced tools
Prints Babel AST to readable JavaScript. Use 🐊Putout to parse your code.
You may also use Babel 8 with estree-to-babel
for ESTree and Babel AST to put .extra.raw
to .raw
(which is simpler for transforms, no need to use Optional Chaining and add extra values every time).
Supports:
npm i @putout/printer
Printer has first class support from 🐊Putout with help of @putout/plugin-printer
. So install:
npm i @putout/plugin-printer -aD
And update .putout.json
:
{
"printer": "putout",
"plugins": ["printer"]
}
To benefit from it.
const {print} = require('@putout/printer');
const {parse} = require('putout');
const ast = parse('const a = (b, c) => {const d = 5; return a;}');
print(ast);
// returns
`
const a = (b, c) => {
const d = 5;
return a;
};
`;
When you need to extend syntax of @putout/printer
just pass a function which receives:
path
, Babel Pathwrite
, a function to output result of printing into token array;When path
contains to dashes __
and name, it is the same as: write(path.get('right'))
, and this is
actually traverse(path.get('right'))
shortened to simplify read and process.
Here is how you can override AssignmentPattern
:
const ast = parse('const {a = 5} = b');
print(ast, {
format: {
indent: ' ',
newline: '\n',
space: ' ',
splitter: '\n',
quote: `'`,
endOfFile: '\n',
},
semantics: {
comments: true,
maxSpecifiersInOneLine: 2,
maxElementsInOneLine: 3,
maxVariablesInOneLine: 4,
maxPropertiesInOneLine: 2,
trailingComma: true,
encodeSingleQuote: true,
encodeDoubleQuote: false,
roundBraces: true,
},
visitors: {
AssignmentPattern(path, {print}) {
print('/* [hello world] */= ');
print('__right');
},
},
});
// returns
'const {a/* [hello world] */= 5} = b;\n';
format
Options related to visuals and not related to logic of output can be changed with help of format
,
you can override next options:
const overrides = {
format: {
indent: ' ',
newline: '\n',
space: ' ',
splitter: '\n',
endOfFile: '\n',
},
};
indent
- use two spaces, tabs, or anything you want;newline
- symbol used for line separation;space
- default symbol used for space character;splitter
- mandatory symbol that used inside of statements like this:Default options produce:
if (a > 3)
console.log('ok');
else
console.log('not ok');
But you can override them with:
const overrides = {
format: {
indent: '',
newline: '',
space: '',
splitter: ' ',
},
};
And have minified code:
if(a>3)console.log('ok');else console.log('not ok');
Options used to configure logic of output, similar to ESLint rules:
maxElementsInOneLine
- count of ArrayExpression
and ArrayPattern
elements placed in one line.maxVariablesInOneLine
- count of VariableDeclarators
in one line.maxPropertiesInOneLine
- count of ObjectProperties
in one line.roundBraces
- to output braces in a single argument arrow function expressions: (a) => {}
or not a => {}
.When you want to improve support of existing visitor or extend Printer with a new ones, you need next base operations:
When you need to override behavior of existing visitor use:
import {print, visitors as v} from '@putout/printer';
print(ast, {
visitors: {
CallExpression(path, printer, semantics) {
const {print} = printer;
if (!path.node.goldstein)
return v.CallExpression(path, printer, semantics);
print('__goldstein');
},
},
});
print
Used in previous example print
can be used for a couple purposes:
string
;node
when object
passed;node
when string
started with __
;print(ast, {
visitors: {
AssignmentPattern(path, {print, maybe}) {
maybe.write.newline(path.parentPath.isCallExpression());
print('/* [hello world] */= ');
print('__right');
},
},
});
maybe
When you need some condition use maybe
. For example, to add newline only when parent node is CallExpression
you
can use maybe.write.newline(condition)
:
print(ast, {
visitors: {
AssignmentPattern(path, {write, maybe}) {
maybe.write.newline(path.parentPath.isCallExpression());
write(' /* [hello world] */= ');
write('__right');
},
},
});
write
When you going to output string you can use low-level function write
:
print(ast, {
visitors: {
BlockStatement(path, {write}) {
write('hello');
},
},
});
indent
When you need to add indentation use indent
, for example when you output body,
you need to increment indentation, and then decrement it back:
print(ast, {
visitors: {
BlockStatement(path, {write, indent}) {
write('{');
indent.inc();
indent();
write('some;');
indent.dec();
write('{');
},
},
});
traverse
When you need to traverse node path, you can use traverse
:
print(ast, {
visitors: {
AssignmentExpression(path, {traverse}) {
traverse(path.get('left'));
},
},
});
This is the same as print('__left')
but more low-level, and supports only objects.
About speed, for file speed.js
:
const {readFileSync} = require('fs');
const putout = require('putout');
const parser = require('@babel/parser');
const code = readFileSync('./lib/tokenize/tokenize.js', 'utf8');
const ast = parser.parse(code);
speed('recast');
speed('putout');
function speed(printer) {
console.time(printer);
for (let i = 0; i < 1000; i++) {
putout(code, {
printer,
plugins: ['remove-unused-variables'],
});
}
console.timeEnd(printer);
}
With contents of tokenize.js
, we have:
MIT
FAQs
Simplest possible opinionated Babel AST printer for 🐊Putout
The npm package @putout/printer receives a total of 5,854 weekly downloads. As such, @putout/printer popularity was classified as popular.
We found that @putout/printer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.