Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
acorn-import-assertions
Advanced tools
The acorn-import-assertions package is a plugin for the Acorn JavaScript parser. It adds support for parsing import assertions, which are a stage 3 proposal for ECMAScript that allows developers to make assertions about the type of module they are importing. This is particularly useful for distinguishing between different types of modules, such as JSON modules, CSS modules, or other non-JavaScript content.
Parsing import assertions
This feature allows the parsing of import statements with assertions. The code sample demonstrates how to extend the Acorn parser with the importAssertions plugin and parse a piece of code that includes an import statement with an assertion.
import assert from 'assert';
import { Parser } from 'acorn';
import importAssertions from 'acorn-import-assertions';
const code = "import json from './data.json' assert { type: 'json' };";
const ast = Parser.extend(importAssertions).parse(code, { sourceType: 'module' });
assert(ast.body[0].assertions[0].value.value === 'json');
es-module-lexer is a fast lexer for ES module syntax, including import assertions. While acorn-import-assertions is a plugin for the Acorn parser, es-module-lexer is a standalone lexer that can be used for tooling that needs to understand ES module syntax quickly and efficiently.
This module provides a plugin that can be used to extend the Acorn Parser class:
const {Parser} = require('acorn');
const {importAssertions} = require('acorn-import-assertions');
Parser.extend(importAssertions).parse('...');
This plugin is released under an MIT License.
FAQs
Support for import assertions in acorn
We found that acorn-import-assertions demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.