Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
babel-plugin-annotate-pure-calls
Advanced tools
Readme
This plugins helps with automatic #__PURE__ annotation insertion. It add the comment to top level call expressions and new expressions in assignment contexts (those are considered by the plugin as side effect free). This helps UglifyJS to perform dead code elimination more efficiently and therefore reduces the bundle sizes for the consumers.
NOTE: It might break your code, so the caution is advised. Target audience for the plugin are libraries, which in vast major of use cases do not introduce side effects in top level calls. That doesn't mean that application bundles cannot benefit from the plugin.
// pure call
var inc = add(1)
// clearly impure - no assignment context
mutate({ prop: 'value' })
Top level call (in terms of this plugin) is one that gets executed during script initialization. So it is every call located at the root of a file, but also a call in an IIFE that gets executed at startup (including nested ones).
var a = topLevelCall()
b = function() {
noTopLevelCall()
}
topLevelIIFEs = (function() {
var c = (function() {
var d = (function() {
var e = topLevelCall()
})()
})()
})()
npm install --save-dev babel-plugin-annotate-pure-calls
.babelrc
(Recommended).babelrc
{
"plugins": ["annotate-pure-calls"]
}
babel --plugins annotate-pure-calls script.js
require('babel-core').transform('var inc = add(1)', {
plugins: ['annotate-pure-calls'],
})
The plugin works with babel@6, you might see unmet peer dependency warning though. If you want to get rid of it, please
install @babel/core@6.0.0-bridge.1
.
FAQs
Babel plugin for annotating automatically pure function calls.
The npm package babel-plugin-annotate-pure-calls receives a total of 34,270 weekly downloads. As such, babel-plugin-annotate-pure-calls popularity was classified as popular.
We found that babel-plugin-annotate-pure-calls demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.