@yumemi-inc/statictrace
Advanced tools
Readme
Node.js 14.15.0 or later.
npm install @yumemi-inc/statictrace
You can install statictrace either per-project or globally.
pnpm install
pnpm run build
ts-node:pnpx ts-node src/lib.ts -p /absolute/path/to/tsconfig.json
pnpm run build
pnpm run parse -- -p /absolute/path/to/tsconfig.json
You can omit the -p option by creating an .env file with a TS_PROJECT_CONFIG variable.
TS_PROJECT_CONFIG=/absolute/path/to/tsconfig.json
Other options
u, --use <printer> (optional): choose one of default printer types (text or mermaid).statictrace begins static analysis of your code from a point that is explicitly hinted by a developer. For example, if you want to analyse the registration flow like below, you need to add a JSDoc hint to the function where the flow begins: @entrypoint YourFlowName.
/**
* @entrypoint Registration
*/
function startRegistration() {
processRegistration();
finishRegistration();
untracedFunction();
cleanupSomething();
}
Just doing this produces no output but statictrace internally tracks all function and method calls that occur within startRegistration() and every function calls within those functions until there are no calls. In other words, it builds a static stacktrace. If there are any particular functions and methods that you want to test or document, for example to know whether some functions are called, their call order and parent/child relationship, you need to mark relevant functions with another special comment: @trace.
/** @trace */
function processRegistration() {
someRegistrationProcedure();
}
With this statictrace produces the following output:
Entrypoint: Registration
startRegistration
processRegistration
someRegistrationProcedure
You can use this output as a snapshot of a stacktrace, and use it from your testing library of choice to guarantee that the flow does not change after e.g. refactoring. You can also output the stacktrace as mermaid graphs for documentation purposes (see picture below).
$ statictrace
=======================
Entrypoint: SomeEntrypoint
begin
funcA
funcC
beingNestedEntrypoint
funcA
funcC
funcB
funcB
statictrace -u mermaid > graphs.mdThis is how rendered mermaid graphs look like:
const { run } = require('./build/lib');
const output = run('/absolute/path/to/tsconfig.json', 'text');
// ...do something with output
run(pathToTsConfig: string, printerType: "text" | "mermaid"): anyLoad all project files and build a graph of all function calls marked with @entrypoint or @trace tags. You should pass a printer type as a second argument. A printer is an interface that represents anything that can print (display the static analysis result in one way or another). Currently you cannot provide your own implementations but can choose one of the default ones.
FAQs
A library for semi-automatic static testing.
We found that @yumemi-inc/statictrace demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.