Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
@tc39/ecma262-biblio
Advanced tools
Machine-readable representation of the internals of the ecma-262 spec
This package, available on npm as @tc39/ecma262-biblio
, contains a machine-readable representation of the terms, clauses, grammar, and abstract operations defined in ECMA-262. This will primarily be of use to people working with the specification itself.
If added as a dependency to a project using ecmarkup, you can load it by passing --load-biblio @tc39/ecma262-biblio
.
It is automatically updated whenever ECMA-262 is. It is inherently unstable: editorial changes to the specification may add, remove, or modify the biblio, which may break your build (for example, if using ecmarkup with --lint-spec --strict
). As such, the usual semver guarantees do not hold. You should pin a precise version of this package.
Major version bumps may be used for breaking changes to the format of the biblio itself. Minor version bumps may be used for non-breaking additions to the biblio format.
This version was built from commit 6c621d2e.
FAQs
Machine-readable representation of the internals of the ecma-262 spec
The npm package @tc39/ecma262-biblio receives a total of 143 weekly downloads. As such, @tc39/ecma262-biblio popularity was classified as not popular.
We found that @tc39/ecma262-biblio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.