Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
bastascript
Advanced tools
Bastascript is a language designed to improve JavaScript's ability to serve as a functional programming language with terse, obvious syntax. Bastascript is a subset of JavaScript extended with additional syntax that compiles to JavaScript.
You can compile a BS file with the following command:
bs file_to_compile.bs
The generated code will be piped to stdout.
Adding the --run
flag will execute the code after compiling.
Bastascript makes heavy use of partial functions, which are applied in a manner
more similar to currying. This is accomplished via the skinny arrow operator
(->
).
Some examples:
promise.then(function() {
foo.bar(x);
}, function(err) {
console.error(err);
});
could be written as
promise.then(foo.bar->(x), console.error->());
A skinny arrow augmented assignment operator is provided:
x = x->(1, 2, 3);
// equivalent to
x =->(1, 2, 3);
Currying can be simulated like this:
function myfunc(x, y, z) {...;}
var curr = myfunc->();
curr =->(1);
curr = curr->(2);
console.log(curr(3));
Creating a partial function preserves the context of members. For instance:
var x = foo.bar.bind(foo);
// equivalent to
var x = foo.bar->();
x = x.y
can be written as x .= y
.
...;
will throw a new error named "Not Implemented".
if (someCondition) {
...;
}
for (var i in foo) {
if (foo.hasOwnProperty(i)) {
console.log(i);
}
}
can be written as
for (var i in foo if foo.hasOwnProperty(i)) {
console.log(i);
}
foo.method = function method() {};
can be written as
function foo.method() {
...;
}
Note that the method name is preserved.
var myFunc = decorator(function() {
// ...
});
obj.method = decorator(function method() {});
can be written as
@decorator:
function myFunc() {
...;
}
@decorator:
function obj.method() {
...;
}
Decorators can be members or call expressions:
@ident:
@dec.method:
@call(foo, bar):
@dec.call(foo, bar):
Decorators can be chained, and will be applied such that the outermost decorator will be applied last.
later
StatementThe later
statement allows you to defer a statement's execution until after
the completion of the remainder of the function.
function test(shouldMock) {
if (shouldMock) {
mock();
later cleanup();
}
...;
}
later
statements retain lexical scope and their access to the this
identifier. later
statements will not presently work with generators.
If an exception is thrown in a function with later
statements, none of the
deferred statements will be executed. You should catch exceptions with try
blocks instead.
Return statements support a ruby-like unless
clause that expands out to an
if (!expr)
construct. They may also use if
, which expands out to
if (expr)
.
return foo unless bar;
return foo if bar;
vs.
if (!bar) {
return foo;
}
if (bar) {
return foo;
}
The function
keyword can be replaced with the unicode character ƒ
. This
also works with generators: ƒ*
.
ƒ foo() {
...;
}
function foo() {
// ...;
}
Fat arrow functions should work as they're documented in the Harmony wiki.
x = () => foo;
y = elements.map(e => e.getAttribute('name'));
vs.
x = function() {return foo;};
y = elements.map(function(e) {return e.getAttribute('name')});
Arrow functions will bind this
lexically (as in ES6) when this
is used.
Note that later
statements are not bound to arrow functions and instead are
bound to the lexical parent. If the arrow function executes after the lexical
parent has completed, the later statement will not be run.
with
statement.v0.2.0
Fixes:
.bind(this)
is only applied to generated code where a ThisExpression
is
present.FAQs
A JavaScript dialect that adds some useful crap.
The npm package bastascript receives a total of 1 weekly downloads. As such, bastascript popularity was classified as not popular.
We found that bastascript demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.