Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@tc39/ecma262-biblio
Advanced tools
Machine-readable representation of the internals of the ecma-262 spec
This package, available on npm as @tc39/ecma262-biblio
, contains a machine-readable representation of the terms, clauses, grammar, and abstract operations defined in ECMA-262. This will primarily be of use to people working with the specification itself.
If added as a dependency to a project using ecmarkup, you can load it by passing --load-biblio @tc39/ecma262-biblio
.
It is automatically updated whenever ECMA-262 is. It is inherently unstable: editorial changes to the specification may add, remove, or modify the biblio, which may break your build (for example, if using ecmarkup with --lint-spec --strict
). As such, the usual semver guarantees do not hold. You should pin a precise version of this package.
Major version bumps may be used for breaking changes to the format of the biblio itself. Minor version bumps may be used for non-breaking additions to the biblio format.
This version was built from commit 1699a75b.
FAQs
Machine-readable representation of the internals of the ecma-262 spec
We found that @tc39/ecma262-biblio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.