Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
A fast and well tested tokenizer or lexer core. You can use this library as a scanner to inspect a file and generate a list of tokens.
This is the core of a tokenizing library. It can be used to parse CSS, JavaScript, XML, JSON, English or any other sort of structured data. It doesn't do it out of the box; you need to write the token matching code first, but there will soon be libraries to assist with that task.
Known projects that use this tokenizer library:
Install the code using npm
, bower
or possibly just clone the repository. Then, use the library in your JavaScript. There is UMD markup (via FidUmd) that should make this library available under any module system that you prefer to use.
Define what the token types are and how to match them. After this, you are ready to parse things. Let's take this simple example where I can only parse newlines (CR or LF) and the word "special".
var Complexion = require('complexion');
var instance = new Complexion();
instance.defineToken('CR', Complexion.matchString('\r'));
instance.defineToken('LF', Complexion.matchString('\n'));
instance.defineToken('SPECIAL', Complexion.matchStringInsensitive('special'));
var result = instance.tokenize("special\n\nSpecial\n");
// result is now an array of 5 token objects. The tokens, in order are:
// SPECIAL CR CR SPECIAL CR
If input is encountered which is not handled by any token, the tokenizing code will throw an Error
.
A "matcher" is what is used to see if the upcoming text matches what's expected for a token type. For instance, here is a matcher for most whitespace and it will match multiple whitespace characters in a row.
function whitespaceMatcher(str, offset) {
var c, l;
l = 0;
c = str.charAt(offset + l);
while (c === ' ' || c === '\n' || c === '\r' || c === '\t') {
l += 1;
c = str.charAt(offset + l);
}
if (l) {
return str.substr(offset, l);
}
return null;
}
To help simplify the process of tokenization, a few matcher factories are exposed on the Complexion
object itself.
Will match any character. Useful if you want to make an "UNKNOWN" token so tokenization won't ever throw during parsing.
instance.defineToken('UNKNOWN', Complexion.matchAny());
Matches a string. Care has been taken to ensure this generates as fast of a matching function as is possible. If you want to use this as a filter or conditionally create tokens that match a string, you can pass in a nextMatcher
which will only get called if str
matches first.
// CSS "!important" - there may be whitespace between the '!' and 'important'
var matchImportant = Complexion.matchStringInsensitive('important');
instance.defineToken('IMPORTANT', Complexion.matchString('!', function (str, offset) {
var imp, ws;
ws = whitespaceMatcher(str, offset + 1) || ''; // Compensate for "!"
imp = matchImportant(str, offset + 1 + ws.length);
if (imp !== null) {
return str.substr(offset, 1 + ws.length + imp.length);
}
return null;
});
Identical to Complexion.matchString()
except this is the case insensitive version.
If you want to work on this library, you need to check out the repository and run npm install
to get the dependencies.
Tests are always included. Make sure tests cover your changes. To run the current tests, just use npm test
or grunt test
(they will run the same test sute).
This software is licensed under an MIT license with an additional non-advertising clause.
FAQs
A fast tokenizer/lexer core that is well tested.
The npm package complexion receives a total of 814 weekly downloads. As such, complexion popularity was classified as not popular.
We found that complexion demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.