Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
core-js-compat
Advanced tools
The core-js-compat package provides compatibility data for core-js, which is a modular standard library for JavaScript, including polyfills for ECMAScript up to the latest standards. It is useful for developers who need to know which features are available in core-js for a specific version of a browser or Node.js.
Compatibility Data Retrieval
Retrieve a list of features supported by core-js for a specific environment, such as Chrome 70.
const { list } = require('core-js-compat')({ targets: 'chrome 70' });
Custom Build Generation
Generate a list of core-js modules required to support a specific target, such as Internet Explorer 11, with a specific version of core-js.
const { getModulesListForTargetVersion } = require('core-js-compat');
const modulesList = getModulesListForTargetVersion({ targets: { ie: 11 }, version: '3.6' });
Babel-polyfill is a package that includes Babel transforms and a polyfill that includes a custom regenerator runtime and core-js. It is similar to core-js-compat in that it provides polyfills for ECMAScript features, but it is less modular and is deprecated in favor of directly including core-js and regenerator-runtime.
The es6-shim package provides polyfills for ECMAScript 6 (also known as ECMAScript 2015) features. It is similar to core-js-compat in providing polyfills, but it is focused only on ES6 features and does not provide the modular approach or the compatibility data that core-js-compat offers.
The polyfill-service package by Financial Times provides a service that returns a set of polyfills based on the user-agent string of the browser making the request. It is similar to core-js-compat in that it aims to provide polyfills for compatibility, but it does so as a service rather than a package to include in your project.
core-js-compat
package contains data about the necessity of core-js
modules and API for getting a list of required core-js modules by browserslist query.
const {
list, // array of required modules
targets, // object with targets for each module
} = require('core-js-compat')({
targets: '> 2.5%', // browserslist query or object of minimum environment versions to support
filter: /^(es|web)\./, // optional filter - string-prefix, regexp or list of modules
version: '3.4', // used `core-js` version, by default - the latest
});
console.log(targets);
/* =>
{
'es.symbol.match-all': { ios: '12.2-12.4' },
'es.array.unscopables.flat': { ios: '12.2-12.4' },
'es.array.unscopables.flat-map': { ios: '12.2-12.4' },
'es.math.hypot': { chrome: '77' },
'es.promise.all-settled': { firefox: '69', ios: '12.2-12.4' },
'es.promise.finally': { ios: '12.2-12.4' },
'es.string.match-all': { chrome: '77', firefox: '69', ios: '12.2-12.4' },
'es.string.replace': { firefox: '69', ios: '12.2-12.4' },
'es.typed-array.float32-array': { ios: '12.2-12.4' },
'es.typed-array.float64-array': { ios: '12.2-12.4' },
'es.typed-array.int8-array': { ios: '12.2-12.4' },
'es.typed-array.int16-array': { ios: '12.2-12.4' },
'es.typed-array.int32-array': { ios: '12.2-12.4' },
'es.typed-array.uint8-array': { ios: '12.2-12.4' },
'es.typed-array.uint8-clamped-array': { ios: '12.2-12.4' },
'es.typed-array.uint16-array': { ios: '12.2-12.4' },
'es.typed-array.uint32-array': { ios: '12.2-12.4' },
'es.typed-array.from': { ios: '12.2-12.4' },
'es.typed-array.of': { ios: '12.2-12.4' },
'web.dom-collections.iterator': { ios: '12.2-12.4' },
'web.immediate': { chrome: '77', firefox: '69', ios: '12.2-12.4' },
'web.url': { ios: '12.2-12.4' },
'web.url.to-json': { ios: '12.2-12.4' },
'web.url-search-params': { ios: '12.2-12.4' }
}
*/
Additional API:
// equals of of the method from the example above
require('core-js-compat/compat')({ targets, filter, version }); // => { list: Array<ModuleName>, targets: { [ModuleName]: { [EngineName]: EngineVersion } } }
// or
require('core-js-compat').compat({ targets, filter, version }); // => { list: Array<ModuleName>, targets: { [ModuleName]: { [EngineName]: EngineVersion } } }
// full compat data:
require('core-js-compat/data'); // => { [ModuleName]: { [EngineName]: EngineVersion } }
// or
require('core-js-compat').data; // => { [ModuleName]: { [EngineName]: EngineVersion } }
// map of modules by `core-js` entry points:
require('core-js-compat/entries'); // => { [EntryPoint]: Array<ModuleName> }
// or
require('core-js-compat').entries; // => { [EntryPoint]: Array<ModuleName> }
// full list of modules:
require('core-js-compat/modules'); // => Array<ModuleName>
// or
require('core-js-compat').modules; // => Array<ModuleName>
// the subset of modules which available in the passed `core-js` version:
require('core-js-compat/get-modules-list-for-target-version')('3.3'); // => Array<ModuleName>
// or
require('core-js-compat').getModulesListForTargetVersion('3.3'); // => Array<ModuleName>
If you want to add new / update data about modules required for target engines, follow this instruction.
NumericRangeIterator
as toStringTag instead of RangeIterator
in { Number, BigInt }.range
iterator, per this PRFAQs
core-js compat
The npm package core-js-compat receives a total of 0 weekly downloads. As such, core-js-compat popularity was classified as not popular.
We found that core-js-compat demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.