Security News
/Research
node-ipc npm Package Compromised in Supply Chain Attack
Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.
By Socket Research Team - May 14, 2026
🚨 Latest Research:Tanstack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack.Learn More →
@rhinostone/swig-core
Advanced tools
@rhinostone/swig-core
Shared IR, backend, and runtime for the @rhinostone/swig family of template engines.
@rhinostone/swig-core
Shared runtime for the
@rhinostone/swigfamily of template engines. Not intended for direct consumption unless you are building a custom frontend. Install @rhinostone/swig for the default Swig (Jinja2/Django-inspired) flavor, or @rhinostone/swig-twig for the Twig flavor — both pull this package in pinned to the matching version.
Extracted from @rhinostone/swig@1.6.0 during the 2.0.0-alpha.1 multi-flavor carve. See ROADMAP.md for the release narrative.
What lives here
- IR types and helpers (
lib/ir.js) — the intermediate representation emitted by frontend parsers and consumed by the backend. - Backend (
lib/backend.js) — lowers IR to compiled JavaScript source vianew Function(...). - Engine wiring (
lib/engine.js) —engine.install(self, frontend)glues a frontend (tags, filters, parser, lexer) onto the shared runtime. - Expression-level TokenParser (
lib/tokenparser.js) — IR emission for inline expressions, shared across frontends. - Runtime primitives (
lib/utils.js,lib/security.js,lib/cache.js,lib/loaders/,lib/filters.js,lib/dateformatter.js,lib/tokentypes.js).
Consumers
- @rhinostone/swig — default Swig flavor.
- @rhinostone/swig-twig — Twig parity frontend.
Versioning
Frontends and the core release in lockstep. Cross-package dependencies pin to the matching exact version (no caret, no tilde). Do not upgrade swig-core independently of the frontend that consumes it.
Repository
Source lives in the @rhinostone/swig monorepo: gina-io/swig/packages/swig-core. File issues and PRs at gina-io/swig.
License
MIT. See LICENSE in the monorepo root.
FAQs
Shared IR, backend, and runtime for the @rhinostone/swig family of template engines.
We found that @rhinostone/swig-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 May 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks
TeamPCP and BreachForums are promoting a Shai-Hulud supply chain attack contest with a $1,000 prize for the biggest package compromise.
By Sarah Gooding - May 14, 2026
Security News
Packagist Urges Immediate Composer Update After GitHub Actions Token Leak
Packagist urges PHP projects to update Composer after a GitHub token format change exposed some GitHub Actions tokens in CI logs.
By Sarah Gooding - May 13, 2026