Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
automutate
[Rough Draft] Applies waves of mutations provided by other tools, such as linters.
There are various linters in the world and most are adding or have added ways to --fix rule failures automatically.
This is great but hard to do for a couple of reasons:
automutate proposes that linters only propose how to fix rules, via a standardized JSON format.
A linter-specific utility can request waves of these fixes to be passed into automutate.
Having a standardized source-agnostic project to apply mutations brings a couple of benefits:
automutate is reduced with common code.
In general, detecting rule failures is a separate concern from fixing them. Linters need to run quickly over a read-only set of files, often during build processes, while fixers typically run slowly and modify files on user request.
A single mutation contains a unique type identifier, a range of character position(s) to apply to, and optionally other logic.
The following basic text manipulations are provided out of the box:
multiple - Container for multiple mutations. This indicates to automutate that these must be applied all at once or not at all, which guarantees consistency with the built-in mutation overlap detection.
text-delete - Deletes a range of characters.
text-insert - Inserts a string at a point.
text-replace - Replaces characters matching a string or regular expression within a range.
text-swap - Swaps a range of characters with a new string.
For example:
{
    "ugly-file.txt": [
        {
            "range": {
                "begin": 7,
                "end": 14
            },
            "type": "text-delete"
        },
        {
            "insertion": "inconceivable!",
            "range": {
                "begin": 21
            },
            "type": "text-insert"
        }
    ]
}
Linter-specific utilities may define their own mutations.
For example, a language's linter may define a node-rename mutation rather than use a multiple mutation containing text-swap mutations.
Each mutation is tied to an implementation of the abstract Mutator class by name.
The default logic searches for these in user-provided directories under their camelCase name appended with "Mutator".
text-insert, for example, would be matched to mutators/textInsertMutator.js.
Each mutator class is specific to a single type of mutation, and each mutator instance is specific to a file.
Calls to mutate are given the current file contents as a string, along with the mutation to be applied, and return the file contents after the mutation.
Mutators are also given the original file contents at construction time, which allows for custom mutators to perform setup logic (for example, a language's linter creating an abstract syntax tree for the file).
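As an added example (not code from the automutate project), the following JavaScript applies one wave of text-delete and text-insert mutations using the mutate contract described above, rejecting out-of-bounds ranges and skipping overlaps before anything is written. The function names, the half-open reading of range, and the sample file contents are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not automutate's API.
// Assumption: ranges are half-open [begin, end); a missing end means a point.
function bounds(mutation) {
  const { begin, end = begin } = mutation.range || {};
  return [begin, end];
}

// Same contract as the mutate call described above: contents in, contents out.
function mutate(contents, mutation) {
  const [begin, end] = bounds(mutation);
  switch (mutation.type) {
    case "text-delete":
      return contents.slice(0, begin) + contents.slice(end);
    case "text-insert":
      return contents.slice(0, begin) + mutation.insertion + contents.slice(begin);
    default:
      throw new Error(`No mutator registered for type "${mutation.type}"`);
  }
}

// Apply one wave back to front so that earlier offsets stay valid. A mutation
// with an out-of-bounds range, or one overlapping a mutation already applied,
// is skipped and returned so the provider can propose it again in a later wave.
function applyWave(contents, mutations) {
  const ordered = [...mutations].sort((a, b) => bounds(b)[0] - bounds(a)[0]);
  const skipped = [];
  let result = contents;
  let lowestApplied = Infinity;
  for (const mutation of ordered) {
    const [begin, end] = bounds(mutation);
    const inBounds = Number.isInteger(begin) && Number.isInteger(end) &&
      begin >= 0 && begin <= end && end <= contents.length;
    if (!inBounds || end > lowestApplied) {
      skipped.push(mutation);
      continue;
    }
    result = mutate(result, mutation);
    lowestApplied = begin;
  }
  return { contents: result, skipped };
}

// Constructed sample contents for the "ugly-file.txt" wave shown earlier.
const sampleContents = "Vizzini really says: ";
const sampleWave = [
  { range: { begin: 7, end: 14 }, type: "text-delete" },
  { insertion: "inconceivable!", range: { begin: 21 }, type: "text-insert" },
];
// applyWave(sampleContents, sampleWave).contents === "Vizzini says: inconceivable!"
```

Because mutations arrive as JSON from another tool, the bounds check runs against the original file length before any mutator is called.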
In order to be compatible with automutate, a linter must allow for some rules to report proposed fixes using the standard format.
Once that is possible, it's a matter of creating a mutations provider that continuously retrieves these proposed fixes using the linter.
FAQs
Applies waves of mutations provided by other tools, such as linters.
The npm package automutate receives a total of 116 weekly downloads. As such, automutate popularity was classified as not popular.
We found that automutate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.