Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
conga-annotations
Advanced tools
This is a Node.js library which allows you to add annotations describing metdata data about classes, constructors, methods, and properties within javascript files.
ES6 Example:
/**
* @MyClassAnnotation("hello world")
*/
class HelloWorld {
constructor() {
/**
* @MyPropertyAnnotation(foo=[1,2,3,4], bar={"hello":"there"})
*/
this.myProperty = 'foo'
}
/**
* @MyMethodAnnotation("foobar", something="hello")
*/
myMethod() {
}
}
ES5 Example:
/**
* @MyConstructorAnnotation("some value")
*/
function HelloWorld(){}
HelloWorld.prototype = {
/**
* @MyPropertyAnnotation(foo=[1,2,3,4], bar={"hello":"there"})
*/
myProperty: 'foo',
/**
* @MyMethodAnnotation("foobar", something="hello")
*/
myMethod: function(){
}
}
Need Node >= 4.0.0
> npm install conga-annotations
Full example in example folder (node main.js
to test is).
// my-class-annotation.js
// ----------------------------
'use strict'
const Annotation = require('conga-annotations').Annotation;
module.exports = class MyClassAnnotation extends Annotation {
/**
* The possible targets
*
* (Annotation.DEFINITION, Annotation.CONSTRUCTOR, Annotation.PROPERTY, Annotation.METHOD)
*
* @type {Array}
*/
static get targets() { return [Annotation.DEFINITION] }
/**
* Constructor to add attributes
* @type {Array}
*/
constructor(data, filePath){
super(data, filePath)
}
/**
* Optional initialization method that
* can be used to transform data
*
* @param {Object} data
* @return {void}
*/
init: function(data){
// set defaults
this.value = data.value || 'default value'
this.sample = data.sample || 'default value for sample'
// do something with data (error check, etc.)
}
});
// my-sample.js
// ------------
/**
* @MyClassAnnotation("some value", sample="here is an attribute value")
*/
class HelloWorld {}
// my-parser.js
// ------------
const path = require('path')
const annotations = require('conga-annotations')
// create the registry
const registry = new annotations.Registry()
// add annotations to the registry
registry.registerAnnotation(path.join(__dirname, 'my-class-annotation'))
// create the annotation reader
const reader = new annotations.Reader(registry)
// parse the annotations from a file, default parse ES6 file, Reader.ES5 to force ES5
reader.parse(path.join(__dirname, 'my-sample.js'), Reader.ES6)
// get the annotations
const definitionAnnotations = reader.definitionAnnotations
const constructorAnnotations = reader.constructorAnnotations
const methodAnnotations = reader.methodAnnotations
const propertyAnnotations = reader.propertyAnnotations
// loop through and handle the annotations
constructorAnnotations.forEach(function(annotation){
// @MyConstructorAnnotation
if (annotation.constructor.name === 'MyClassAnnotation'){
// do something with the annotation data
console.log(annotation.target); // -> "HelloWorld"
console.log(annotation.value); // -> "some value"
console.log(annotation.sample); // -> "here is an attribute value"
}
});
// string
@MyAnnotation(foo="a string")
// boolean
@MyAnnotation(foo=true)
// array
@MyAnnotation(foo=[1,2,3,4])
// object
@MyAnnotation(foo={hi:"there"})
// nested annotations
@MyAnnotation(foo=@MyNestedAnnotation("this is nested", foo=true))
// array of nested annotations
@MyAnnotation(foo=[@MyNestedAnnotation("nested 1"), @MyNestedAnnotation("nested 2")])
FAQs
Annotation parser library for ES2014/ES2015, ES5/ES6
The npm package conga-annotations receives a total of 23 weekly downloads. As such, conga-annotations popularity was classified as not popular.
We found that conga-annotations demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.