babel-preset-node6
Node 6.x comes with V8 v5.x which brings ~93% native ES6/ES2015 coverage. This preset for Babel 6 attempts to bridge the gap for much of the remaining 7% using Babel plug-ins.
Babel 6.x is awesome, but simply including the ES2015 preset means you're transpiling features that your Node 6.x installation can already do faster and natively, replacing them with inferior / old code.
This preset complements existing V8-native functionality - it doesn't work around it.
The end result is nearly always a faster build and script execution time.
Note: This package originally shipped with the React preset but, to avoid bloat, no longer does. If you want to add that, please install babel-preset-react too.
Install via NPM the usual way:
npm i babel-preset-node6
.babelrc (recommended)
Create a .babelrc file in your project root, and include 'node6' in your preset path:
{
  "presets": [
    "node6"
  ]
}
Now whenever you run babel-node, it will polyfill your app with the ES2015 features that Node 6 is missing.
$ babel script.js --presets node6
If you don't want to use a project-wide .babelrc file (as above):
require("babel-core").transform("code", {
  presets: ["node6"]
});
And if you do, and you want to use vanilla node instead of babel-node as your CLI, you can create an entry script that references your pre-transpiled code like so:
require('babel-register');
require('path/to/es6/script');
... which will then run everywhere Node can.
Of course, make sure to npm i -S babel-core or npm i -S babel-register respectively, to grab the NPM packages you'll need to transpile on-the-fly.
Follow vendor instructions and include node6 in your babel "preset" list.
Babel has a ready-made preset for React, and you now need to install it separately.
Just grab it via NPM:
npm i babel-preset-react
And then add it to your "presets" list in .babelrc:
{
  "presets": [
    "node6",
    "react"
  ]
}
The async/await proposal allows you to wait on a Promise, and write asynchronous code that looks synchronous.
Here's an example:
async function getUsers(howMany) {
  try {
    const response = await fetch(`http://jsonplaceholder.typicode.com/users/${howMany}`); // <-- a Promise
    return response.json(); // <-- Another promise.
  } catch(e) {
    console.log('some kind of error occurred: ', e);
  }
}
getUsers(10).then(users => {
  // "users" contains the result of `response.json()`. Async functions *always*
  // return a promise, even if that means wrapping a non-Promise in Promise.resolve
});
In the above example, fetch returns a promise. By prefixing the function with async and prefixing every Promise with await, we avoid the typical .then() chain inside of the function block and can reason about the flow of the application a little more clearly.
We can also wrap promises in try/catch blocks, instead of bolting on .catch() chains.
The necessary babel plug-ins to use async/await are included in this package, so you can use this syntax right away.
This package originally tracked Babel 6.x versioning. The problem is, many of the plug-ins and transforms provided by Babel don't always track the babel-core version, so updating one dependency can throw the versioning schema off.
This package will instead now follow its own semver, starting (arbitrarily) at v10.0.0.
I'm using this repo in production, so you can be assured that I'm making it a priority to update Babel 6 deps regularly and track the latest plug-in versions.
FAQs
Babel preset for Node 6.x (ES6 / ES2015)
The npm package babel-preset-node6 receives a total of 4,866 weekly downloads. As such, its popularity was classified as popular.
We found that babel-preset-node6 demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.