Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
babel-core
Advanced tools
The babel-core package is a part of Babel, a JavaScript compiler that allows developers to use next-generation JavaScript, today. It transforms ES6, ES7, and beyond into backwards compatible versions of JavaScript that can be run on older browsers and environments. It also allows for the use of JSX, Flow, TypeScript, and other features not natively supported in all environments.
Code Transformation
Transforms ES6/ES7 code to ES5. This is useful for compatibility with older browsers and environments.
babel.transform('code();', options);
File Transformation
Synchronously transforms the entire contents of a file. Useful for build processes.
babel.transformFileSync('filename.js', options);
AST Generation
Parses code to its Abstract Syntax Tree (AST) representation, which can be used for analysis or modification of the code.
babel.parse('code();', options);
Plugin/Preset Application
Applies Babel plugins and presets to the code, allowing for custom transformations and feature sets.
babel.transform('code();', { plugins: ['plugin-name'], presets: ['preset-name'] });
TypeScript is a superset of JavaScript that compiles to plain JavaScript. It offers type checking and is aimed at the development of large applications. It is similar to Babel in that it processes modern JavaScript features, but it also introduces its own syntax and type system.
Esbuild is an extremely fast JavaScript bundler and minifier. It also transpiles code, similar to Babel, but it focuses on build performance and speed, often outperforming Babel in these aspects.
SWC is a super-fast compiler written in Rust that functions similarly to Babel. It focuses on speed and also offers minification. SWC can be a drop-in replacement for Babel in many cases, offering faster build times.
Babel compiler core.
var babel = require("babel-core");
import { transform } from 'babel-core';
import * as babel from 'babel-core';
All transformations will use your local configuration files (.babelrc or in package.json). See options to disable it.
Transforms the passed in code
. Returning an object with the generated code,
source map, and AST.
babel.transform(code, options) // => { code, map, ast }
Example
var result = babel.transform("code();", options);
result.code;
result.map;
result.ast;
Asynchronously transforms the entire contents of a file.
babel.transformFile(filename, options, callback)
Example
babel.transformFile("filename.js", options, function (err, result) {
result; // => { code, map, ast }
});
Synchronous version of babel.transformFile
. Returns the transformed contents of
the filename
.
babel.transformFileSync(filename, options) // => { code, map, ast }
Example
babel.transformFileSync("filename.js", options).code;
Given, an AST, transform it.
const code = "if (true) return;";
const ast = babylon.parse(code, { allowReturnOutsideFunction: true });
const { code, map, ast } = babel.transformFromAst(ast, code, options);
Babel CLI
You can pass these options from the Babel CLI like so:
babel --name=value
Following is a table of the options you can use:
Option | Default | Description |
---|---|---|
ast | true | Include the AST in the returned object |
auxiliaryCommentAfter | null | Attach a comment after all non-user injected code. |
auxiliaryCommentBefore | null | Attach a comment before all non-user injected code. |
babelrc | true | Specify whether or not to use .babelrc and .babelignore files. Not available when using the CLI, use --no-babelrc instead. |
code | true | Enable code generation |
comments | true | Output comments in generated output. |
compact | "auto" | Do not include superfluous whitespace characters and line terminators. When set to "auto" compact is set to true on input sizes of >500KB. |
env | {} | This is an object of keys that represent different environments. For example, you may have: { env: { production: { /* specific options */ } } } which will use those options when the environment variable BABEL_ENV is set to "production" . If BABEL_ENV isn't set then NODE_ENV will be used, if it's not set then it defaults to "development" |
extends | null | A path to an .babelrc file to extend |
filename | "unknown" | Filename for use in errors etc. |
filenameRelative | (filename) | Filename relative to sourceRoot . |
generatorOpts | {} | An object containing the options to be passed down to the babel code generator, babel-generator |
getModuleId | null | Specify a custom callback to generate a module id with. Called as getModuleId(moduleName) . If falsy value is returned then the generated module id is used. |
highlightCode | true | ANSI highlight syntax error code frames |
ignore | null | Opposite to the only option. ignore is disregarded if only is specified. |
inputSourceMap | null | A source map object that the output source map will be based on. |
minified | false | Should the output be minified (not printing last semicolons in blocks, printing literal string values instead of escaped ones, stripping () from new when safe) |
moduleId | null | Specify a custom name for module ids. |
moduleIds | false | If truthy, insert an explicit id for modules. By default, all modules are anonymous. (Not available for common modules) |
moduleRoot | (sourceRoot) | Optional prefix for the AMD module formatter that will be prepend to the filename on module definitions. |
only | null | A glob, regex, or mixed array of both, matching paths to only compile. Can also be an array of arrays containing paths to explicitly match. When attempting to compile a non-matching file it's returned verbatim. |
parserOpts | {} | An object containing the options to be passed down to the babel parser, babylon |
plugins | [] | List of plugins to load and use. |
presets | [] | List of presets (a set of plugins) to load and use. |
retainLines | false | Retain line numbers. This will lead to wacky code but is handy for scenarios where you can't use source maps. (NOTE: This will not retain the columns) |
resolveModuleSource | null | Resolve a module source ie. import "SOURCE"; to a custom value. Called as resolveModuleSource(source, filename) . |
shouldPrintComment | null | An optional callback that controls whether a comment should be output or not. Called as shouldPrintComment(commentContents) . NOTE: This overrides the comment option when used. |
sourceFileName | (filenameRelative) | Set sources[0] on returned source map. |
sourceMaps | false | If truthy, adds a map property to returned output. If set to "inline" , a comment with a sourceMappingURL directive is added to the bottom of the returned code. If set to "both" then a map property is returned as well as a source map comment appended. This does not emit sourcemap files by itself! To have sourcemaps emitted using the CLI, you must pass it the --source-maps option. |
sourceMapTarget | (filenameRelative) | Set file on returned source map. |
sourceRoot | (moduleRoot) | The root from which all sources are relative. |
sourceType | "module" | Indicate the mode the code should be parsed in. Can be either "script" or "module". |
wrapPluginVisitorMethod | null | An optional callback that can be used to wrap visitor methods. NOTE: This is useful for things like introspection, and not really needed for implementing anything. Called as wrapPluginVisitorMethod(pluginAlias, visitorType, callback) . |
FAQs
Babel compiler core.
The npm package babel-core receives a total of 5,600,477 weekly downloads. As such, babel-core popularity was classified as popular.
We found that babel-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.