Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
accord-papandreou
Advanced tools
A unified interface for compiled languages and templates in JavaScript
A unified interface for compiled languages and templates in JavaScript.
Note: This project is in early development, and versioning is a little different. Read this for more details.
There are two other libraries that already attempt to provide a common compiler interface: consolidate.js and transformers. After reviewing & using both of them, we designed accord to provide a more maintainable code base and way of writing adapters.
Accord adapters are different because they use standard JavaScript inheritance (aka: classes in CoffeeScript), and they avoid the issues with the mixture of sync and async compilers by using promises for everything.
npm install accord
Accord itself exposes only a JavaScript API. If you are interested in using this library from the command line, check out the accord-cli project.
Since some templating engines are async and others are not, accord keeps things consistent by returning a promise for any task (using when.js). Here's an example in CoffeeScript:
fs = require 'fs'
accord = require 'accord'
jade = accord.load('jade')
# render a string
jade.render('body\n .test')
.done(console.log.bind(console))
# or a file
jade.renderFile('./example.jade')
.done(console.log.bind(console))
# or compile a string to a function
# (only some to-html compilers support this, see below)
jade.compile('body\n .test')
.done(console.log.bind(console))
# or a file
jade.compileFile('./example.jade')
.done(console.log.bind(console))
# compile a client-side js template
jade.compileClient('body\n .test')
.done (res) -> console.log(res.result.toString())
# or a file
jade.compileFileClient('./example.jade')
.done (res) -> console.log(res.result.toString())
It's also important to note that accord returns an object rather than a string from each of these methods. You can access the compiled result on the result
property of this object. If the adapter supports source maps, the source map will also be on this object if you have passed in the correct options. Docs below should explain the methods executed in the example above.
accord.load(string, object)
- loads the compiler named in the first param, npm package with the name must be installed locally, or the optional second param must be the compiler you are after. The second param allows you to load the compiler from elsewhere or load an alternate version if you want, but be careful.
accord.supports(string)
- quick test to see if accord supports a certain compiler. accepts a string, which is the name of language (like markdown) or a compiler (like marked), returns a boolean.
adapter.name
adapter.render(string, options)
- render a string to a compiled stringadapter.renderFile(path, options)
- render a file to a compiled stringadapter.compile(string, options)
- compile a string to a functionadapter.compileFile(path, options)
- compile a file to a functionadapter.compileClient(string, options)
- compile a string to a client-side-ready functionadapter.compileFileClient(string, options)
- compile a file to a client-side-ready functionadapter.clientHelpers()
- some adapters that compile for client also need helpers, this method returns a string of minfied JavaScript with all of themadapter.extensions
- array of all file extensions the compiler should matchadapter.output
- string, expected output extensionadapter.engine
- the actual compiler, no adapter wrapper, if you need itAs of version 0.20.0
, accord ships with a system that can be used to offer full support for any engine across any version, so that the interface remains consistent even in the face of breaking changes to the adapter's API. With this feature in place, you can freely upgrade accord without worrying about any breakage in any libraries you are using, ever.
So for example, if you are using sass and they release a breaking version bump, we will release a new adapter for the new version and cut a new release of accord that includes support for this version. However, if you are still using the old version, it will still work as before so you have as much time as you need to upgrade to the new version.
This does not mean that we immediately support every version of every library infinitely into the past. However, going forward, we will support any new updates to libraries from now on to ensure that nothing breaks for users.
This is a feature that is unique to accord and we are beyond excited to make it available to everyone.
Accord can also compile templates into JavaScript functions, for some languages. This is really useful for client-side rendering. Languages with compile support are listed below. If you try to compile a language without support for it, you will get an error.
We are always looking to add compile support for more languages, but it can be difficult, as client-side template support isn't always the first thing on language authors' minds. Any contributions that help to expand this list are greatly appreciated!
When using a language supporting client-side templates, make sure to check the docs for that language for more details. In general, you'll get back a stringified function from the compileClient
or compileFileClient
methods, and a string of client helpers from the clientHelpers
methods. You can take these, organize them, and write them to files however you wish. Usually the best way is to write the helpers to a file first, then iterate through each of the client-compiled functions, assigning them a name so they can be accessed later on.
Want to add more languages? We have put extra effort into making the adapter pattern structure understandable and easy to add to and test. Rather than requesting that a language be added, please add a pull request and add it yourself! We are quite responsive and will quickly accept if the implementation is well-tested.
Details on running tests and contributing can be found here
Accord now supports source map generation for any language that also supports source maps. At the moment, this includes the following languages:
Accord returns all source maps as javascript objects, and if available will prefer a v3 sourcemap over any other format. You can find the primary sourcemap on the object returned from accord under the sourcemap
key. If there are multiple sourcemaps generated, alternate ones will be avaiable under different keys, which you can find on the object returned from accord after a compile.
To generate a sourcemap, you can pass sourcemap: true
as an option to any compiler and you will get back a sourcemap with the file names, sources, and mappings correctly specified, guaranteed. Each compiler also has it's own way of specifying source map options. If you'd like to dive into those details to customize the output, you are welcome to do so, but it is at your own risk.
If there is a language that now supports sourcemaps and you'd like support for them to be added, get a pull request going and we'll make it happen!
Licensed under MIT
FAQs
A unified interface for compiled languages and templates in JavaScript
The npm package accord-papandreou receives a total of 0 weekly downloads. As such, accord-papandreou popularity was classified as not popular.
We found that accord-papandreou demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.