
Security News
Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
babel-upgrade
Advanced tools
A tool that tries to automatically update most dependencies, config files, and JavaScript files that require Babel packages directly to Babel 7 (and more in the future).
Requires nodejs 8 or newer
Run at the root of your git repo:
If using npm < v5.2.0, install npx globally.
# npx lets you run babel-upgrade without installing it locally
npx babel-upgrade --write
# or install globally and run
npm install babel-upgrade -g
babel-upgrade --write
Without the --write
(or -w
) flag, babel-upgrade
will print a diff without writing any changes.
Optionally, add --install
(or -i
) as well to run yarn
or npm
after writing the upgrade.
npx babel-upgrade --write --install
Ideas from http://new.babeljs.io/docs/en/next/v7-migration.html (or modify that file if it's missing)
--install
) (#18)package.json
: dependencies
and devDependencies
to the "latest supported" version.
{
"devDependencies": {
+ "@babel/core": "^7.0.0",
+ "@babel/plugin-proposal-object-rest-spread": "^7.0.0",
+ "@babel/preset-env": "^7.0.0",
+ "babel-loader": "v8.0.0-beta.0"
- "babel-loader": "6.0.0",
- "babel-plugin-transform-object-rest-spread": "6.0.0",
- "babel-preset-env": "^1.0.0",
},
}
@babel/register
(e81cf7){
"name": "mocha-scripts-test",
"scripts": {
- "test": "mocha --compilers js:babel-register --require babel-polyfill test/*Test.js",
+ "test": "mocha --compilers js:@babel/register --require @babel/polyfill test/*Test.js",
}
}
"babel-core": "^7.0.0-bridge-0"
if jest or jest-cli is a dependency (#14)"devDependencies": {
"@babel/core": "^7.0.0",
+ "babel-core": "7.0.0-bridge.0",
"jest": "^22.0.0"
},
"scripts": {
"test": "jest"
}
@babel/node
package if babel-node
is used (#14)"devDependencies": {
"@babel/cli": "^7.0.0",
+ "@babel/node": "^7.0.0"
},
"scripts": {
"start": "babel-node a.js"
}
.babelrc
(#14)- src/
- example/
- .babelrc // now modifies these too
- test/
- .babelrc // now modifies these too
- `.babelrc`
{
"presets": [
+ "@babel/preset-env"
- "env"
]
}
package.json babel key
(d123ad){
"babel": {
"presets": [
+ "@babel/preset-env"
- "env"
]
}
}
env
(e9fc42){
"babel": {
"presets": [
"@babel/preset-env"
]
},
"env": {
"development": {
"plugins": [
- "transform-react-jsx-source",
- "babel-plugin-transform-react-jsx-self"
+ "@babel/plugin-transform-react-jsx-source",
+ "@babel/plugin-transform-react-jsx-self",
]
}
}
}
mocha.opts
(e81cf7)---require babel-register
+--require @babel/register
{
- "presets": "env, react",
+ "presets": ["@babel/preset-env", "@babel/preset-react"],
.flowconfig
and add it? (#21){
"@babel/preset-react": "^7.0.0",
+ "@babel/preset-flow": "^7.0.0"
}
{
- "presets": ["@babel/preset-stage-3"],
+ "presets": [],
+ "plugins": [
+ "@babel/plugin-syntax-dynamic-import",
+ "@babel/plugin-syntax-import-meta",
+ "@babel/plugin-proposal-class-properties",
+ "@babel/plugin-proposal-json-strings"
+ ]
}
{
- "@babel/preset-stage-3": "^7.0.0"
+ "@babel/plugin-proposal-class-properties": "^7.0.0",
+ "@babel/plugin-proposal-json-strings": "^7.0.0",
+ "@babel/plugin-syntax-dynamic-import": "^7.0.0",
+ "@babel/plugin-syntax-import-meta": "^7.0.0"
}
.babelrc.js
and other js files with a config like presets, webpack.config.js
only
/ignore
if necessarytypeof-symbol
if using @babel/preset-env
+ loosebabel-types
-> @babel/types
, babel-core
)
babel-register
with @babel/register
)? Could be in a Makefile or somewhere else, but it's just find replace.@babel/cli
?npx/globally
npm install
npm start
FAQs
Upgrade tool for Babel
The npm package babel-upgrade receives a total of 1,309 weekly downloads. As such, babel-upgrade popularity was classified as popular.
We found that babel-upgrade demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.
Security News
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.