Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Babylon is a JavaScript parser used in Babel.
Heavily based on acorn and acorn-jsx, thanks to the awesome work of @RReverser and @marijnh.
Significant diversions are expected to occur in the future such as streaming, EBNF definitions, sweet.js integration, interspatial parsing and more.
babylon.parse(code, [options])
babylon.parseExpression(code, [options])
parse()
parses the provided code
as an entire ECMAScript program, while
parseExpression()
tries to parse a single Expression with performance in
mind. When in doubt, use .parse()
.
allowImportExportEverywhere: By default, import
and export
declarations can only appear at a program's top level. Setting this
option to true
allows them anywhere where a statement is allowed.
allowReturnOutsideFunction: By default, a return statement at
the top level raises an error. Set this to true
to accept such
code.
allowSuperOutsideMethod: TODO
sourceType: Indicate the mode the code should be parsed in. Can be
either "script"
or "module"
.
sourceFilename: Correlate output AST nodes with their source filename. Useful when generating code and source maps from the ASTs of multiple input files.
startLine: By default, the first line of code parsed is treated as line 1. You can provide a line number to alternatively start with. Useful for integration with other source tools.
plugins: Array containing the plugins that you want to enable.
strictMode: TODO
Babylon generates AST according to Babel AST format. It is based on ESTree spec with the following deviations:
There is now an
estree
plugin which reverts these deviations
directives
field with Directive and DirectiveLiteralAST for JSX code is based on Facebook JSX AST with the addition of one node type:
JSXText
Babylon follows semver in most situations. The only thing to note is that some spec-compliancy bug fixes may be released under patch versions.
For example: We push a fix to early error on something like #107 - multiple default exports per file. That would be considered a bug fix even though it would cause a build to fail.
require("babylon").parse("code", {
// parse in strict mode and allow module declarations
sourceType: "module",
plugins: [
// enable jsx and flow syntax
"jsx",
"flow"
]
});
estree
jsx
flow
doExpressions
objectRestSpread
decorators
(Based on an outdated version of the Decorators proposal. Will be removed in a future version of Babylon
)classProperties
exportExtensions
asyncGenerators
functionBind
functionSent
dynamicImport
templateInvalidEscapes
FAQs
A JavaScript parser
The npm package babylon receives a total of 7,083,241 weekly downloads. As such, babylon popularity was classified as popular.
We found that babylon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.