Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
A unified interface for compiled languages and templates in JavaScript.
Note: This project is in early development, and versioning is a little different. Read this for more details.
There are two other libraries that already attempt to provide a common compiler interface: consolidate.js and transformers. After reviewing & using both of them, we designed accord to provide a more maintainable code base and way of writing adapters.
Accord adapters are different because they use standard JavaScript inheritance (aka: classes in CoffeeScript), and they avoid the issues with the mixture of sync and async compilers by using promises for everything.
npm install accord
Accord itself exposes only a JavaScript API. If you are interested in using this library from the command line, check out the accord-cli project.
Since some templating engines are async and others are not, accord keeps things consistent by returning a promise for any task (using when.js). Here's an example in CoffeeScript:
fs = require 'fs'
accord = require 'accord'
jade = accord.load('jade')
# render a string
jade.render('body\n .test')
.done(console.log.bind(console))
# or a file
jade.renderFile('./example.jade')
.done(console.log.bind(console))
# or compile a string to a function
# (only some to-html compilers support this, see below)
jade.compile('body\n .test')
.done(console.log.bind(console))
# or a file
jade.compileFile('./example.jade')
.done(console.log.bind(console))
# compile a client-side js template
jade.compileClient('body\n .test')
.done (res) -> console.log(res.result.toString())
# or a file
jade.compileFileClient('./example.jade')
.done (res) -> console.log(res.result.toString())
It's also important to note that accord returns an object rather than a string from each of these methods. You can access the compiled result on the result
property of this object. If the adapter supports source maps, the source map will also be on this object if you have passed in the correct options. Docs below should explain the methods executed in the example above.
accord.load(string, object)
- loads the compiler named in the first param, npm package with the name must be installed locally, or the optional second param must be the compiler you are after. The second param allows you to load the compiler from elsewhere or load an alternate version if you want, but be careful.
accord.supports(string)
- quick test to see if accord supports a certain compiler. accepts a string, which is the name of language (like markdown) or a compiler (like marked), returns a boolean.
adapter.name
adapter.render(string, options)
- render a string to a compiled stringadapter.renderFile(path, options)
- render a file to a compiled stringadapter.compile(string, options)
- compile a string to a functionadapter.compileFile(path, options)
- compile a file to a functionadapter.compileClient(string, options)
- compile a string to a client-side-ready functionadapter.compileFileClient(string, options)
- compile a file to a client-side-ready functionadapter.clientHelpers()
- some adapters that compile for client also need helpers, this method returns a string of minfied JavaScript with all of themadapter.extensions
- array of all file extensions the compiler should matchadapter.output
- string, expected output extensionadapter.engine
- the actual compiler, no adapter wrapper, if you need itAccord can also compile templates into JavaScript functions, for some languages. This is really useful for client-side rendering. Languages with compile support are listed below. If you try to compile a language without support for it, you will get an error.
We are always looking to add compile support for more languages, but it can be difficult, as client-side template support isn't always the first thing on language authors' minds. Any contributions that help to expand this list are greatly appreciated!
When using a language supporting client-side templates, make sure to check the docs for that language for more details. In general, you'll get back a stringified function from the compileClient
or compileFileClient
methods, and a string of client helpers from the clientHelpers
methods. You can take these, organize them, and write them to files however you wish. Usually the best way is to write the helpers to a file first, then iterate through each of the client-compiled functions, assigning them a name so they can be accessed later on.
Want to add more languages? We have put extra effort into making the adapter pattern structure understandable and easy to add to and test. Rather than requesting that a language be added, please add a pull request and add it yourself! We are quite responsive and will quickly accept if the implementation is well-tested.
Details on running tests and contributing can be found here
Accord now supports source map generation for any language that also supports source maps. At the moment, this includes the following languages:
Accord returns all source maps as javascript objects, and if available will prefer a v3 sourcemap over any other format. You can find the primary sourcemap on the object returned from accord under the sourcemap
key. If there are multiple sourcemaps generated, alternate ones will be avaiable under different keys, which you can find on the object returned from accord after a compile.
To generate a sourcemap, you can pass sourcemap: true
as an option to any compiler and you will get back a sourcemap with the file names, sources, and mappings correctly specified, guaranteed. Each compiler also has it's own way of specifying source map options. If you'd like to dive into those details to customize the output, you are welcome to do so, but it is at your own risk.
If there is a language that now supports sourcemaps and you'd like support for them to be added, get a pull request going and we'll make it happen!
Licensed under MIT
FAQs
A unified interface for compiled languages and templates in JavaScript
The npm package accord receives a total of 77,679 weekly downloads. As such, accord popularity was classified as popular.
We found that accord demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.