Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@webassemblyjs/wast-parser
Advanced tools
@webassemblyjs/wast-parser is a JavaScript library that provides tools for parsing WebAssembly Text Format (WAT or WAST) into an Abstract Syntax Tree (AST). This is useful for developers who need to analyze, transform, or generate WebAssembly code programmatically.
Parsing WAST to AST
This feature allows you to parse a WAST string into an AST. The code sample demonstrates how to parse a simple WebAssembly module written in WAST format into its corresponding AST representation.
const wastParser = require('@webassemblyjs/wast-parser');
const wast = `(module
(func $add (param $lhs i32) (param $rhs i32) (result i32)
get_local $lhs
get_local $rhs
i32.add)
)`;
const ast = wastParser.parse(wast);
console.log(JSON.stringify(ast, null, 2));
Error Handling
This feature provides error handling capabilities when parsing invalid WAST code. The code sample shows how to catch and handle parsing errors.
const wastParser = require('@webassemblyjs/wast-parser');
const invalidWast = `(module
(func $add (param $lhs i32) (param $rhs i32) (result i32)
get_local $lhs
get_local $rhs
i32.add
)`; // Missing closing parenthesis
try {
const ast = wastParser.parse(invalidWast);
} catch (e) {
console.error('Parsing error:', e.message);
}
AST Traversal
This feature allows you to traverse the AST generated from WAST. The code sample demonstrates a simple traversal function that logs the type of each node in the AST.
const wastParser = require('@webassemblyjs/wast-parser');
const wast = `(module
(func $add (param $lhs i32) (param $rhs i32) (result i32)
get_local $lhs
get_local $rhs
i32.add)
)`;
const ast = wastParser.parse(wast);
function traverse(node) {
console.log(node.type);
if (node.body) {
node.body.forEach(traverse);
}
}
traverse(ast);
WABT (WebAssembly Binary Toolkit) is a suite of tools for WebAssembly, including a WAST parser. It provides similar functionality to @webassemblyjs/wast-parser but also includes tools for converting between WAST and WASM, validating WebAssembly modules, and more.
AssemblyScript is a TypeScript-like language that compiles to WebAssembly. It includes a parser for its own syntax, which is similar to WAST. While it is more focused on providing a high-level language for WebAssembly development, it offers some overlapping functionality with @webassemblyjs/wast-parser.
Binaryen is a compiler and toolchain infrastructure library for WebAssembly. It includes a WAST parser and provides optimization and transformation tools for WebAssembly code. It is more comprehensive in terms of optimization and code generation compared to @webassemblyjs/wast-parser.
WebAssembly text format parser
yarn add @webassemblyjs/wast-parser
import { parse } from "@webassemblyjs/wast-parser";
const ast = parse(source);
FAQs
WebAssembly text format parser
The npm package @webassemblyjs/wast-parser receives a total of 3,208,944 weekly downloads. As such, @webassemblyjs/wast-parser popularity was classified as popular.
We found that @webassemblyjs/wast-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.