Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
acorn-globals
Advanced tools
The acorn-globals npm package is used to extract global variables from JavaScript code. It leverages the Acorn JS parser to analyze scripts and identify global variables, which can be useful for various applications such as linting tools, code analysis, and optimization tools.
Extracting global variables
This feature allows you to parse JavaScript code and extract a list of global variables used in the code. The example shows how to parse a simple script and identify 'console' as a global variable.
const acornGlobals = require('acorn-globals');
const acorn = require('acorn');
const code = 'console.log("Hello, world!");';
const ast = acorn.parse(code, {ecmaVersion: 2020});
const globals = acornGlobals(ast);
console.log(globals);
eslint-scope is used to analyze the scope of variables and functions in JavaScript code. While it also deals with identifying variable declarations and their scopes, it is more focused on the scoping rules specific to ECMAScript than just identifying globals. This makes it more suitable for linting purposes compared to acorn-globals, which is more focused on global variable extraction.
The 'globals' package provides a list of built-in global identifiers for various JavaScript environments. It is less dynamic than acorn-globals as it does not analyze code to extract globals but rather provides a static list. This can be useful for quick checks against known globals but lacks the analysis capability of acorn-globals.
Detect global variables in JavaScript using acorn
Get supported acorn-globals with the Tidelift Subscription
npm install acorn-globals
detect.js
var fs = require('fs');
var detect = require('acorn-globals');
var src = fs.readFileSync(__dirname + '/input.js', 'utf8');
var scope = detect(src);
console.dir(scope);
input.js
var x = 5;
var y = 3, z = 2;
w.foo();
w = 2;
RAWR=444;
RAWR.foo();
BLARG=3;
foo(function () {
var BAR = 3;
process.nextTick(function (ZZZZZZZZZZZZ) {
console.log('beep boop');
var xyz = 4;
x += 10;
x.zzzzzz;
ZZZ=6;
});
function doom () {
}
ZZZ.foo();
});
console.log(xyz);
output:
$ node example/detect.js
[ { name: 'BLARG', nodes: [ [Object] ] },
{ name: 'RAWR', nodes: [ [Object], [Object] ] },
{ name: 'ZZZ', nodes: [ [Object], [Object] ] },
{ name: 'console', nodes: [ [Object], [Object] ] },
{ name: 'foo', nodes: [ [Object] ] },
{ name: 'process', nodes: [ [Object] ] },
{ name: 'w', nodes: [ [Object], [Object] ] },
{ name: 'xyz', nodes: [ [Object] ] } ]
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
MIT
FAQs
Detect global variables in JavaScript using acorn
The npm package acorn-globals receives a total of 16,870,092 weekly downloads. As such, acorn-globals popularity was classified as popular.
We found that acorn-globals demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.