Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
bass-clarinet
Advanced tools
SAX based evented streaming JSON parser in Typescript (browser and node)
bass-clarinet
is a JSON parser.
It was forked from clarinet
but the API has been changed significantly.
In addition to the port to TypeScript, the following changes have been made:
onopenobject
no longer includes the first keyJSONTestSuite
is added to the test set. All tests pass.trim
and normalize
options have been dropped. This can be handled by the consumer in the onsimplevalue
callbackcreateStackedDataSubscriber
which pairs onopenobject
/oncloseobject
and onopenarray
/onclosearray
events in a callbackattachStictJSONValidator
to the parser):
spaces_per_tab
bass-clarinet
is a sax-like streaming parser for JSON. works in the browser and node.js. just like you shouldn't use sax
when you need dom
you shouldn't use bass-clarinet
when you need JSON.parse
.
Clear reasons to use bass-clarinet
over the built-in JSON.parse
:
options
belowbass-clarinet
is very much like [yajl] but written in TypeScript:
npm install bass-clarinet
.ts
file: import * as bc from "bass-clarinet"
//a simple pretty printer
import * as bc from "bass-clarinet"
import * as fs from "fs"
const [, , path] = process.argv
if (path === undefined) {
console.error("missing path")
process.exit(1)
}
const data = fs.readFileSync(path, {encoding: "utf-8"})
export function createValuesPrettyPrinter(indentation: string, writer: (str: string) => void): bc.ValueHandler {
return {
array: beginMetaData => {
writer(beginMetaData.openCharacter)
return {
element: () => createValuesPrettyPrinter(`${indentation}\t`, writer),
end: endMetaData => {
writer(`${indentation}${endMetaData.range}`)
},
}
},
object: metaData => {
writer(metaData.openCharacter)
return {
property: (key, _keyRange) => {
writer(`${indentation}\t"${key}": `)
return createValuesPrettyPrinter(`${indentation}\t`, writer)
},
end: endMetaData => {
writer(`${indentation}${endMetaData.range}`)
},
}
},
simpleValue: (value, metaData) => {
if (metaData.quote !== null) {
writer(`${JSON.stringify(value)}`)
} else {
writer(`${value}`)
}
},
taggedUnion: (option, _metaData) => {
writer(`| "${option}" `)
return createValuesPrettyPrinter(`${indentation}`, writer)
},
}
}
export function attachPrettyPrinter(parser: bc.Parser, indentation: string, writer: (str: string) => void) {
const datasubscriber = bc.createStackedDataSubscriber(
createValuesPrettyPrinter(indentation, writer),
error => {
console.error("FOUND STACKED DATA ERROR", error.message)
},
_comments => {
//onEnd
}
)
parser.ondata.subscribe(datasubscriber)
parser.onschemadata.subscribe(datasubscriber)
}
const prsr = new bc.Parser(
err => { console.error("FOUND PARSER ERROR", err) },
)
attachPrettyPrinter(prsr, "\r\n", str => process.stdout.write(str))
bc.tokenizeString(
prsr,
err => { console.error("FOUND TOKENIZER ERROR", err) },
data
)
import * as bc from "bass-clarinet"
import * as fs from "fs"
const [, , path] = process.argv
if (path === undefined) {
console.error("missing path")
process.exit(1)
}
const data = fs.readFileSync(path, { encoding: "utf-8" })
const parser = new bc.Parser(
err => { console.error("FOUND PARSER ERROR", err) },
)
parser.ondata.subscribe({
onComma: () => {
//place your code here
},
onColon: () => {
//place your code here
},
onLineComment: (_comment, _range) => {
//place your code here
},
onBlockComment: (_comment, _range) => {
//
},
onString: (_value, _metaData) => {
//place your code here
//in strict JSON, the value is a string, a number, null, true or false
},
onOpenTaggedUnion: _range => {
//place your code here
},
onOpenArray: _metaData => {
//place your code here
},
onCloseArray: _metaData => {
//place your code here
},
onOpenObject: _metaData => {
//place your code here
},
onCloseObject: _metaData => {
//place your code here
},
onEnd: () => {
//place your code here
},
onNewLine: () => {
//
},
onWhitespace: () => {
//
},
})
bc.tokenizeString(
parser,
err => { console.error("FOUND TOKENIZER ERROR", err) },
data,
)
## arguments
pass the following argument to the tokenizer function:
* `spaces_per_tab` - number. needed for proper column info.: Rationale: without knowing how many spaces per tab `base-clarinet` is not able to determine the colomn of a character. Default is `4` (ofcourse)
pass the following arguments to the parser function. all are optional.
`opt` - object bag of settings.
## methods
`write` - write bytes to the tokenizer. you don't have to do this all at
once. you can keep writing as much as you want.
`end` - ends the stream. once ended, no more data may be written, it signals the `onend` event.
## additional features
the parser supports the following additional (to JSON) features
* optional commas - No comma's are required. Rationale: When manually editing documents, keeping track of the comma's is cumbersome. With this option this is no longer an issue
* trailing commas - Allows commas before the `}` or the `]`. Rationale: for serializers it is easier to write a comma for every property/element instead of keeping a state that tracks if a property/element is the first one.
* comments - Allows both line comments `//` and block comments `/* */`. Rationale: when using JSON-like documents for editing, it is often useful to add comments
* apostrophes instead of quotation marks - Allows `'` in place of `"`. Rationale: In an editor this is less intrusive (although only slightly)
* angle brackets instead of brackets - Allows `<` and `>` in place of `[` and `]`. Rationale: a semantic distinction can be made between fixed length arrays (`ArrayType`) and variable length arrays (`lists`)
* parens instead of braces - Allows `(` and `)` in place of `{` and `}`. Rationale: a semantic distinction can be made between objctes with known properties (`Type`) and objects with dynamic keys (`dictionary`)
* schema - The document may start with a `!` followed by a value (`object`, `string` etc), followed by an optional `#` (indicating `compact`).
* * The schema value can be used by a processor for schema validation. For example a string can indicate a URL of the schema.
* * `compact` is an indicator for a processor (code that uses `bass-clarinet`'s API) that the data is `compact`. `base-clarinet` only sends the `compact` flag but does not change any other behaviour. Rationale: If a schema is known, the keys of a `Type` are known at design time. these types can therefor be converted to `ArrayTypes` and thus omit the keys without losing information. This trades in readability in favor of size. This option indicates that this happened in this document. The file can only be properly interpreted by a processor in combination with the schema.
* tagged unions - This allows an extra value type that is not present in JSON but is very useful. tagged unions are also known as sum types or choices, see [taggedunion]. The notation is a pipe, followed by a string, followed by any other value. eg: ```| "the chosen option" { "my data": "foo" }```. The same information can ofcourse also be written in strict JSON with an array with 2 elements of which the first element is a string.
## events
`onerror` (passed as argument to the constructor) - indication that something bad happened. The parser will continue as good as it can
the data subscriber can be seen in the example code above:
# roadmap
check [issues]
# contribute
everyone is welcome to contribute. patches, bug-fixes, new features
1. create an [issue][issues] so the community can comment on your idea
2. fork `bass-clarinet`
3. create a new branch `git checkout -b my_branch`
4. create tests for the changes you made
5. make sure you pass both existing and newly inserted tests
6. commit your changes
7. push to your branch `git push origin my_branch`
8. create an pull request
# meta
* code: `git clone git://github.com/corno/bass-clarinet.git`
* home: <http://github.com/corno/bass-clarinet>
* bugs: <http://github.com/corno/bass-clarinet/issues>
* build: [![build status](https://secure.travis-ci.org/corno/bass-clarinet.png)](http://travis-ci.org/corno/bass-clarinet)
[npm]: http://npmjs.org
[issues]: http://github.com/corno/bass-clarinet/issues
[saxjs]: http://github.com/isaacs/sax-js
[yajl]: https://github.com/lloyd/yajl
[taggedunion]: https://en.wikipedia.org/wiki/Tagged_union
[blog]: http://writings.nunojob.com/2011/12/clarinet-sax-based-evented-streaming-json-parser-in-javascript-for-the-browser-and-nodejs.html
FAQs
Unknown package
The npm package bass-clarinet receives a total of 0 weekly downloads. As such, bass-clarinet popularity was classified as not popular.
We found that bass-clarinet demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.