Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Wrap up expressions with a trace function while walking the AST with rice and beans on the side
Burrito makes it easy to do crazy stuff with the javascript AST.
This is super useful if you want to roll your own stack traces or build a code coverage tool.
examples/microwave.js
var burrito = require('burrito');
var res = burrito.microwave('Math.sin(2)', function (node) {
if (node.name === 'num') node.wrap('Math.PI / %s');
});
console.log(res); // sin(pi / 2) == 1
output:
1
examples/wrap.js
var burrito = require('burrito');
var src = burrito('f() && g(h())\nfoo()', function (node) {
if (node.name === 'call') node.wrap('qqq(%s)');
});
console.log(src);
output:
qqq(f()) && qqq(g(qqq(h())));
qqq(foo());
var burrito = require('burrito');
Given some source code
and a function trace
, walk the ast by expression.
The cb
gets called with a node object described below.
If code
is an Array then it is assumbed to be an AST which you can generate
yourself with burrito.parse()
. The AST must be annotated, so make sure to
burrito.parse(src, false, true)
.
Like burrito()
except the result is run using
vm.runInNewContext(res, context)
.
Name is a string that contains the type of the expression as named by uglify.
Wrap the current expression in s
.
If s
is a string, "%s"
will be replaced with the stringified current
expression.
If s
is a function, it is called with the stringified current expression and
should return a new stringified expression.
If the node.name === "binary"
, you get the subterms "%a" and "%b" to play with
too. These subterms are applied if s
is a function too: s(expr, a, b)
.
Protip: to insert multiple statements you can use javascript's lesser-known block syntax that it gets from C:
if (node.name === 'stat') node.wrap('{ foo(); %s }')
raw ast data generated by uglify
node.node.slice(1)
to skip the annotations
The start location of the expression, like this:
{ type: 'name',
value: 'b',
line: 0,
col: 3,
pos: 3,
nlb: false,
comments_before: [] }
The end location of the expression, formatted the same as node.start
.
The state of the traversal using traverse.
Returns a stringified version of the expression.
Returns the parent node
or null
if the node is the root element.
Return the label of the present node or null
if there is no label.
Labels are returned for "call", "var", "defun", and "function" nodes.
Returns an array for "var" nodes since var
statements can
contain multiple labels in assignment.
With npm you can just:
npm install burrito
Burrito works in browser with browserify.
It has been tested against:
Heavily inspired by (and previously mostly lifted outright from) isaacs's nifty tmp/instrument.js thingy from uglify-js.
FAQs
Wrap up expressions with a trace function while walking the AST with rice and beans on the side
The npm package burrito receives a total of 13,996 weekly downloads. As such, burrito popularity was classified as popular.
We found that burrito demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.