![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
acorn-es7-plugin
Advanced tools
Readme
acorn-es7-plugin is a plugin for the Acorn parser that generates ESTrees following the 'experimental' specification for asynchronous functions.
npm install --save acorn-es7-plugin
Adding the plugin
// Require acorn as usual
var acorn = require("acorn");
// Add the es7-plugin
require('./acorn-es7-plugin')(acorn) ;
Using the plugin
var code = "async function x(){ if (x) return await(x-1) ; return 0 ; }\n";
var ast = acorn.parse(code,{
// Specify use of the plugin
plugins:{asyncawait:true},
// Specify the ecmaVersion
ecmaVersion:7
}) ;
// Show the AST
console.log(JSON.stringify(ast,null,2)) ;
Output:
{
"type": "Program",
"body": [
{
"type": "FunctionDeclaration",
"id": {
"type": "Identifier",
"name": "x"
},
"generator": false,
"expression": false,
"params": [],
"body": {
"type": "BlockStatement",
"body": [
{
"type": "IfStatement",
"test": {
"type": "Identifier",
"name": "x"
},
"consequent": {
"type": "ReturnStatement",
"argument": {
"type": "AwaitExpression",
"operator": "await",
"argument": {
"type": "BinaryExpression",
"left": {
"type": "Identifier",
"name": "x"
},
"operator": "-",
"right": {
"type": "Literal",
"value": 1,
"raw": "1"
}
}
}
},
"alternate": null
},
{
"type": "ReturnStatement",
"argument": {
"type": "Literal",
"value": 0,
"raw": "0"
}
}
]
},
"async": true
}
],
"sourceType": "script"
}
The parser attempts to enforce strict contextualisation of async
and await
. Specifically, async
is only a keyword if it precedes a function declaration, function expression or arrow function. await
is only a keyword inside an async
function. Outside of these contexts, both tokens are treated as identifiers (as they were in ES6 and earlier).
When using the plugin, you can supply an object in place of the 'true' flag with the following options.
flag | meaning |
---|---|
awaitAnywhere | If await is used outside of an async function and could not be an identifier, generate an AwaitExpression node. This typically means you can use await anywhere except when its argument would require parentheses, as this parses to a call to 'await(....)'. |
asyncExits | Allow the additional sequences async return <optional-expression> and async throw <expression> . These sequences are used with nodent. In each case, as with async functions, a standard ReturnStatement (or ThrowStatement) node is generated, with an additional member 'async' set to true. |
10-Dec-15: v1.0.10
Update the plugin code to remove 'async' and 'await' from the super-strict keyword tests introduced in acorn v2.6.x that generate parse errors before the plugin gets a chance to manage them.
FAQs
A plugin for the Acorn parser that understands the ES7 keywords async and await
The npm package acorn-es7-plugin receives a total of 93,384 weekly downloads. As such, acorn-es7-plugin popularity was classified as popular.
We found that acorn-es7-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.