Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
automutate
Advanced tools
Applies waves of mutations provided by other tools, such as linters or codemods.
There are many linters out there and most include ways to --fix rule failures automatically. This is great but hard to do for a couple of reasons:
automutate proposes that linters only propose how to fix rules, via a standardized JSON format.
Having a standardized source-agnostic project to apply mutations brings a couple of benefits:
automutate is reduced with common code.

In general, detecting rule failures is a separate concern from fixing them. Linters need to run quickly over a read-only set of files, often during build processes, while fixers typically run slowly and modify files on user request.
The main automutate algorithm is started in autoMutator.ts and mostly applied in mutationsApplier.ts:
let mutationsWave;
while ((mutationsWave = getMutationsWave()) !== undefined) {
  for (const [file, fileMutations] of groupMutationsByFile(mutationsWave)) {
    for (const mutation of getNonOverlappingMutationsInReverse(fileMutations)) {
      applyMutation(file, mutation);
    }
  }
}
- getMutationsWave calls out to an external tool, such as a linter, to receive a wave of suggested mutations.
- groupMutationsByFile organizes the suggested mutations by file.
- getNonOverlappingMutationsInReverse removes overlapping mutations that would conflict with each other, and sorts the remainder in reverse document order, so that applying one mutation never shifts the character positions of the mutations still to be applied.
- applyMutation modifies files on disk using the remaining mutations.

A single mutation contains a unique type identifier, a range of character position(s) to apply to, and optionally other logic.
The following basic text manipulations are provided out of the box:
- multiple - Container for multiple mutations. This indicates to automutate that these must be applied all at once or not at all, which guarantees consistency with the built-in mutation overlap detection.
- text-delete - Deletes a range of characters.
- text-insert - Inserts a string at a point.
- text-replace - Replaces characters matching a string or regular expression within a range.
- text-swap - Swaps a range of characters with a new string.

For example:
{
    "ugly-file.txt": [
        {
            "range": {
                "begin": 7,
                "end": 14
            },
            "type": "text-delete"
        },
        {
            "insertion": "inconceivable!",
            "range": {
                "begin": 21
            },
            "type": "text-insert"
        }
    ]
}
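To make the loop from the algorithm sketch and the mutation types above concrete, here is an added example (not automutate's own code) that applies one wave of mutations in the JSON shape shown above to in-memory file contents. It mirrors the sketch: the wave is already keyed by file as in the JSON, overlapping mutations are dropped for the wave, survivors are applied in reverse order so earlier offsets stay valid, and a multiple group is applied all or nothing. The field names `insertion` on text-swap and `mutations` on multiple are assumptions, text-replace is left out, and the sample files and wave are constructed for the demonstration; "ugly-file.txt" reuses the ranges from the JSON above.

```typescript
// Added example, not automutate's own code: applies one wave of the mutation JSON
// to in-memory file contents, following the loop sketched earlier. Assumed field
// names: `insertion` on text-swap, `mutations` on multiple. text-replace is omitted.
interface TextDelete { type: "text-delete"; range: { begin: number; end: number } }
interface TextInsert { type: "text-insert"; range: { begin: number }; insertion: string }
interface TextSwap { type: "text-swap"; range: { begin: number; end: number }; insertion: string }
interface Multiple { type: "multiple"; mutations: Mutation[] }
type Mutation = TextDelete | TextInsert | TextSwap | Multiple;
type FileMutations = Record<string, Mutation[]>; // one wave, keyed by file as in the JSON
type Files = Record<string, string>;             // file name -> contents

// Half-open [begin, end) span a mutation touches; a `multiple` spans the union of its children.
function mutationSpan(m: Mutation): [number, number] {
  if (m.type === "multiple") {
    const spans = m.mutations.map(mutationSpan);
    return [Math.min(...spans.map((s) => s[0])), Math.max(...spans.map((s) => s[1]))];
  }
  if (m.type === "text-insert") return [m.range.begin, m.range.begin];
  return [m.range.begin, m.range.end];
}

// Keep the first mutation of each overlapping cluster, then reverse the survivors so that
// applying one never shifts the offsets of those still to be applied.
function getNonOverlappingMutationsInReverse(mutations: Mutation[]): Mutation[] {
  const sorted = mutations.slice().sort((a, b) => mutationSpan(a)[0] - mutationSpan(b)[0]);
  const kept: Mutation[] = [];
  let lastEnd = -1;
  for (const m of sorted) {
    const [begin, end] = mutationSpan(m);
    if (begin < lastEnd) continue; // conflicts with a kept mutation; skipped this wave
    kept.push(m);
    lastEnd = Math.max(lastEnd, end);
  }
  return kept.reverse();
}

// Reject ranges outside the file rather than letting String.slice clamp them silently.
function checkBounds(text: string, m: Mutation): void {
  const [begin, end] = mutationSpan(m);
  if (!(begin >= 0 && end >= begin && end <= text.length)) {
    throw new RangeError(`${m.type} range [${begin}, ${end}) lies outside a ${text.length}-char file`);
  }
}

// Returns the mutated text. Strings are immutable, so a throw leaves the caller's text intact.
function applyMutation(text: string, m: Mutation): string {
  checkBounds(text, m);
  switch (m.type) {
    case "text-delete":
      return text.slice(0, m.range.begin) + text.slice(m.range.end);
    case "text-insert":
      return text.slice(0, m.range.begin) + m.insertion + text.slice(m.range.begin);
    case "text-swap":
      return text.slice(0, m.range.begin) + m.insertion + text.slice(m.range.end);
    case "multiple": {
      // All or nothing: children that overlap each other make the group unsatisfiable.
      const ordered = getNonOverlappingMutationsInReverse(m.mutations);
      if (ordered.length !== m.mutations.length) throw new Error("multiple: children overlap");
      let result = text;
      for (const child of ordered) result = applyMutation(result, child);
      return result;
    }
    default:
      throw new Error("unknown mutation type");
  }
}

function applyMutationsWave(files: Files, wave: FileMutations): Files {
  const result: Files = { ...files };
  for (const file of Object.keys(wave)) {
    if (!(file in result)) throw new Error(`wave targets unknown file ${file}`);
    let text = result[file];
    for (const m of getNonOverlappingMutationsInReverse(wave[file])) text = applyMutation(text, m);
    result[file] = text;
  }
  return result;
}

// The outer loop: keep asking the tool for waves until it has none left.
function runWaves(files: Files, getMutationsWave: () => FileMutations | undefined): Files {
  let wave: FileMutations | undefined;
  while ((wave = getMutationsWave()) !== undefined) files = applyMutationsWave(files, wave);
  return files;
}

// Constructed sample input; "ugly-file.txt" reuses the ranges from the JSON above.
const SAMPLE_FILES: Files = { "ugly-file.txt": "Hello, stupid world. ", "rename.ts": "let foo = foo + 1;" };
const SAMPLE_WAVE: FileMutations = {
  "ugly-file.txt": [
    { type: "text-delete", range: { begin: 7, end: 14 } },
    { type: "text-insert", range: { begin: 21 }, insertion: "inconceivable!" },
    // Overlaps the delete above, so it is dropped this wave; a linter would re-propose it later.
    { type: "text-swap", range: { begin: 10, end: 13 }, insertion: "XXX" },
  ],
  "rename.ts": [
    // A node-rename-style group: both occurrences of `foo` change together or not at all.
    { type: "multiple", mutations: [
      { type: "text-swap", range: { begin: 4, end: 7 }, insertion: "bar" },
      { type: "text-swap", range: { begin: 10, end: 13 }, insertion: "bar" },
    ] },
  ],
};

const waves = [SAMPLE_WAVE];
const mutated = runWaves(SAMPLE_FILES, () => waves.shift());
console.log(mutated["ugly-file.txt"]); // Hello, world. inconceivable!
console.log(mutated["rename.ts"]);     // let bar = bar + 1;
```

Applying the insert at 21 before the delete at [7, 14) is what keeps the insert's offset valid; in the forward order the delete would shrink the file to 14 characters and the insert would point past its end. The bounds check is the caveat a real applier needs: a mutation coming from an external tool is untrusted input, and String.slice would otherwise clamp a bad range and silently corrupt the file.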
Linter-specific utilities may define their own mutations.
For example, a language's linter may define a node-rename mutation rather than use a multiple mutation containing text-swap mutations.
See Mutators for more on custom mutators.
See Onboarding.
automutate requires Node.js >= 14.
FAQs
Applies waves of mutations provided by other tools, such as linters.
We found that automutate demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.