acorn-globals
Package description
The acorn-globals npm package is used to extract global variables from JavaScript code. It leverages the Acorn JS parser to analyze scripts and identify global variables, which can be useful for various applications such as linting tools, code analysis, and optimization tools.
Extracting global variables
This feature allows you to parse JavaScript code and extract a list of global variables used in the code. The example shows how to parse a simple script and identify 'console' as a global variable.
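const acornGlobals = require('acorn-globals');
const acorn = require('acorn');
const code = 'console.log("Hello, world!");';
// Parse the source into an AST; acorn-globals accepts either a source string or a parsed AST.
const ast = acorn.parse(code, {ecmaVersion: 2020});
// Each entry holds a global's name and the AST nodes that reference it.
const globals = acornGlobals(ast);
console.log(globals);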
eslint-scope is used to analyze the scope of variables and functions in JavaScript code. While it also deals with identifying variable declarations and their scopes, it is more focused on the scoping rules specific to ECMAScript than just identifying globals. This makes it more suitable for linting purposes compared to acorn-globals, which is more focused on global variable extraction.
The 'globals' package provides a list of built-in global identifiers for various JavaScript environments. It is less dynamic than acorn-globals as it does not analyze code to extract globals but rather provides a static list. This can be useful for quick checks against known globals but lacks the analysis capability of acorn-globals.
Readme
Detect global variables in JavaScript using acorn
Get supported acorn-globals with the Tidelift Subscription
npm install acorn-globals
detect.js
var fs = require('fs');
var detect = require('acorn-globals');
var src = fs.readFileSync(__dirname + '/input.js', 'utf8');
var scope = detect(src);
console.dir(scope);
input.js
var x = 5;
var y = 3, z = 2;
w.foo();
w = 2;
RAWR=444;
RAWR.foo();
BLARG=3;
foo(function () {
    var BAR = 3;
    process.nextTick(function (ZZZZZZZZZZZZ) {
        console.log('beep boop');
        var xyz = 4;
        x += 10;
        x.zzzzzz;
        ZZZ=6;
    });
    function doom () {
    }
    ZZZ.foo();
});
console.log(xyz);
output:
$ node example/detect.js
[ { name: 'BLARG', nodes: [ [Object] ] },
{ name: 'RAWR', nodes: [ [Object], [Object] ] },
{ name: 'ZZZ', nodes: [ [Object], [Object] ] },
{ name: 'console', nodes: [ [Object], [Object] ] },
{ name: 'foo', nodes: [ [Object] ] },
{ name: 'process', nodes: [ [Object] ] },
{ name: 'w', nodes: [ [Object], [Object] ] },
{ name: 'xyz', nodes: [ [Object] ] } ]
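The `nodes` arrays print only as `[Object]` in the output above. As an added example (not part of the acorn-globals README or the package's own code), the sketch below consumes that `{ name, nodes }` shape to flag references outside an allowlist and report the lines they occur on. `auditGlobals`, `ALLOWED` and the sample script are hypothetical, `FOUND` is a constructed stand-in for `detect(SRC)`, and each node is assumed to carry acorn's `start` character offset.

```javascript
// Hypothetical policy: the only free identifiers this script may reference.
const ALLOWED = new Set(['console', 'Math', 'JSON']);

// Convert a character offset in `src` into a 1-based line number.
function lineOf(src, offset) {
  return src.slice(0, offset).split('\n').length;
}

// `found` has the shape shown in the README output: [{ name, nodes: [...] }].
// Assumption: every node is an acorn AST node with a `start` character offset.
function auditGlobals(src, found, allowed = ALLOWED) {
  return found
    .filter((g) => !allowed.has(g.name))
    .map((g) => ({
      name: g.name,
      // De-duplicate and sort the lines on which the global is referenced.
      lines: [...new Set(g.nodes.map((n) => lineOf(src, n.start)))]
        .sort((a, b) => a - b),
    }))
    .sort((a, b) => a.name.localeCompare(b.name));
}

// Constructed sample script: `counter` is assigned without a declaration,
// and `process` is a host global outside the allowlist.
const SRC = [
  'var total = 0;',
  'counter = 1;',
  'console.log(total, counter);',
  'process.exit(counter);',
].join('\n');

// Constructed stand-in for one entry of require('acorn-globals')(SRC):
// one Identifier-like node per occurrence of `name` in SRC.
function sampleEntry(name) {
  const nodes = [...SRC.matchAll(new RegExp(`\\b${name}\\b`, 'g'))]
    .map((m) => ({ type: 'Identifier', name, start: m.index }));
  return { name, nodes };
}
const FOUND = ['console', 'counter', 'process'].map(sampleEntry);

const REPORT = auditGlobals(SRC, FOUND);
for (const { name, lines } of REPORT) {
  console.log(`unexpected global "${name}" on line(s) ${lines.join(', ')}`);
}
```

With the package installed, replace `FOUND` with `require('acorn-globals')(SRC)` to audit real input.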
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
MIT
FAQs
Detect global variables in JavaScript using acorn
We found that acorn-globals demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.