Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@xml-tools/ast
Advanced tools
Utilities for building and traversing an XML Abstract Syntax Tree ([AST][ast]).
There are two things which distinguish this AST from most others ASTs:
The input for constructing the AST is a CST which is created by the @xml-tools/parser package.
The AST structure is used as part of the input for the @xml-tools/content-assist APIs.
With npm:
npm install @xml-tools/ast
With Yarn
yarn add @xml-tools/ast
Please see the TypeScript Definitions for full API details.
A simple usage example:
const { parse } = require("@xml-tools/parser");
const { buildAst, accept } = require("@xml-tools/ast");
const xmlText = `<note>
<to>Bill</to>
<from>Tim</from>
</note>
`;
const { cst, tokenVector } = parse(xmlText);
const xmlDocAst = buildAst(cst, tokenVector);
console.log(xmlDocAst.rootElement.name); // -> note
// A Visitor allows us to invoke actions on the XML ASTNodes without worrying about
// The XML AST structure / traversal method.
const printVisitor = {
// Will be invoked once for each Element node in the AST.
visitXMLElement: function (node) {
console.log(node.name);
},
// An XML AST Visitor may have other methods as well, see the api.d.ts file/
};
// Invoking the Visitor
accept(xmlDocAst, printVisitor); // -> note, Bill, Tim
Please open issues on github.
See CONTRIBUTING.md.
FAQs
XML Ast and Utilities
The npm package @xml-tools/ast receives a total of 34,730 weekly downloads. As such, @xml-tools/ast popularity was classified as popular.
We found that @xml-tools/ast demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.