Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Npm module for Unicode CLDR JSON data.
Bonus goals
On the package.json
of your i18n library, define its CLDR data dependency by
using the peerDependencies property.
"peerDependencies": {
"cldr-data": ">=26"
}
On your library, access CLDR JSON data using require("cldr-data")
.
function Pluralize(locale) {
var plurals = require("cldr-data/supplemental/plurals");
var language = extractLanguageFrom(locale);
// Your awesome pluralization logic
pluralForm = doAwesomeStuffWith(
plurals.supplemental["plurals-type-cardinal"][language]
);
return pluralForm;
}
For your convinience, use cldr-data in conjunction with cldr.js. You can find more details switching to the Foo Number Format Library Example or Application Example branches.
On the package.json
of your applications, define its CLDR data dependency by
using the dependencies or devDependencies property.
"dependencies": {
"cldr-data": "26",
"libraries-that-use-cldr-data": "x"
}
By default, the locale coverage installed is core, which Unicode defines as
the top tier languages and is equivalent to the json.zip
content. There are
two ways to modify the installation and get the full coverage instead.
Use the environment variable CLDR_COVERAGE
On the command line, set the locale coverage using the environment variable.
$ CLDR_COVERAGE=full npm install
Use the package.json cldr-data-coverage
property
On the package.json
of you application, set the locale coverage using the
cldr-data-coverage
property.
{
...
"cldr-data-coverage": "full",
...
}
By default, used file urls.json
form cldr-data module, which contain
for each locale coverage 18 urls. For set custom .json
file, that have
structure accoding urls.json
use cldr-data-urls-json
property in package.json
your webApp
Define the package.json cldr-data-urls-json
property
{
...
"cldr-data-urls-json": "../../cldrdatadwnl.json",
...
}
Path must be relative from cldr-data directory
Example custom cldrdatadwnl.json File have only 7 urls.
{
"core": [
"https://github.com/unicode-cldr/cldr-core/archive/30.0.3.zip",
"https://github.com/unicode-cldr/cldr-dates-modern/archive/30.0.3.zip",
"https://github.com/unicode-cldr/cldr-localenames-modern/archive/30.0.3.zip",
"https://github.com/unicode-cldr/cldr-misc-modern/archive/30.0.3.zip",
"https://github.com/unicode-cldr/cldr-numbers-modern/archive/30.0.3.zip",
"https://github.com/unicode-cldr/cldr-segments-modern/archive/30.0.3.zip",
"https://github.com/unicode-cldr/cldr-units-modern/archive/30.0.3.zip"
]
}
Or you can filter existing urls by regexp pattern, via cldr-data-urls-filter
field in package.json
:
{
...
"cldr-data-urls-filter": "(cldr-core|cldr-numbers-modern|cldr-dates-modern)",
...
}
MIT © Rafael Xavier de Souza
FAQs
Npm module for Unicode CLDR JSON data
The npm package cldr-data receives a total of 36,764 weekly downloads. As such, cldr-data popularity was classified as popular.
We found that cldr-data demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.