Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
chevrotain
Advanced tools
Chevrotain is a high performance fault tolerant javascript parsing DSL for building recursive decent parsers
Chevrotain is a fast and feature-rich parser building toolkit for JavaScript. It can be used to build parsers for DSLs, programming languages, data formats, and more. It provides a set of APIs for defining grammar rules and constructing a parser based on those rules.
Defining Token Types
This code sample demonstrates how to define token types using Chevrotain. Tokens are the basic building blocks of the syntax for a language or format. In this example, we define tokens for integers and the plus and minus symbols.
const { createToken, Lexer } = require('chevrotain');
const Integer = createToken({ name: 'Integer', pattern: /\d+/ });
const Plus = createToken({ name: 'Plus', pattern: /\+/ });
const Minus = createToken({ name: 'Minus', pattern: /-/ });
const allTokens = [Plus, Minus, Integer];
const MyLexer = new Lexer(allTokens);
Building a Parser
This code sample shows how to build a parser using Chevrotain. The parser is defined as a class that extends `CstParser` and uses rules to define the grammar of the language. In this example, we define a simple grammar for addition expressions.
const { CstParser } = require('chevrotain');
class MyParser extends CstParser {
constructor() {
super(allTokens);
this.RULE('expression', () => {
this.SUBRULE(this.additionExpression);
});
this.RULE('additionExpression', () => {
this.CONSUME(Integer);
this.MANY(() => {
this.OR([
{ ALT: () => { this.CONSUME(Plus); this.CONSUME2(Integer); } },
{ ALT: () => { this.CONSUME(Minus); this.CONSUME2(Integer); } }
]);
});
});
this.performSelfAnalysis();
}
}
const parser = new MyParser();
Parsing Text
This code sample illustrates how to parse text using a lexer and parser defined with Chevrotain. The text is tokenized by the lexer, and then the tokens are fed into the parser to produce a Concrete Syntax Tree (CST), which can be used for further processing such as interpretation or transformation into an Abstract Syntax Tree (AST).
const { tokenMatcher } = require('chevrotain');
const text = '1 + 2 - 3';
const lexingResult = MyLexer.tokenize(text);
if (lexingResult.errors.length === 0) {
parser.input = lexingResult.tokens;
const cst = parser.expression();
if (parser.errors.length === 0) {
// cst can now be used to create an AST or for interpretation.
} else {
// parser errors are present
}
} else {
// lexing errors are present
}
PEG.js is a simple parser generator for JavaScript that produces fast parsers with excellent error reporting. It uses Parsing Expression Grammars (PEG) as the input. Compared to Chevrotain, PEG.js has a different approach to defining grammars (PEG vs. Chevrotain's API) and does not require manual token definition.
ANTLR (ANother Tool for Language Recognition) is a powerful parser generator that can be used to read, process, execute, or translate structured text or binary files. It's widely used to build languages, tools, and frameworks. ANTLR4 has a Java-based toolchain with targets for multiple languages including JavaScript. It is more complex than Chevrotain and has a steeper learning curve, but it is also more feature-rich.
Jison is an API for creating parsers in JavaScript that works similarly to yacc. It takes a context-free grammar as input and outputs a JavaScript file capable of parsing the language described by that grammar. Jison handles both lexical and syntactical analysis, which means it combines the features of both lexer and parser generators. It is less modular than Chevrotain but can be easier to use for those familiar with yacc or bison.
Nearley is a simple, fast, and powerful parsing toolkit for JavaScript. It is based on Earley's algorithm, which is suitable for parsing complex and ambiguous grammars. Nearley is designed to be more user-friendly and flexible than traditional parser generators. It allows for dynamic grammar and can handle any kind of parsing task. It is comparable to Chevrotain in terms of ease of use but uses a different underlying algorithm for parsing.
FAQs
Chevrotain is a high performance fault tolerant javascript parsing DSL for building recursive decent parsers
The npm package chevrotain receives a total of 1,281,958 weekly downloads. As such, chevrotain popularity was classified as popular.
We found that chevrotain demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.