Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Check out the code samples and the rest of the wiki for more.
CST means Concrete Syntax Tree. Unlike an AST (Abstract Syntax Tree), a CST contains all the information from the JavaScript source file: whitespace, punctuators, comments. This information is extremely useful for code style checkers and other code linters. CST is also useful for cases when you need to apply modifications to existing JavaScript files while preserving the initial file formatting.
This CST implementation is designed to be 100% compatible with JS AST (https://github.com/estree/estree).
Main principles:
Let's see an example:
x = 0;
if (x) x++;
The CST for this example:
Element is the base class for Node and Token.
declare class Element {
  // traversal for children
  childElements: Array<Element>;
  firstChild: ?Element;
  lastChild: ?Element;

  // traversal for parent
  parentElement: ?Element;

  // traversing between siblings
  nextSibling: ?Element;
  previousSibling: ?Element;

  // traversing to first/last tokens (not only direct tokens)
  getFirstToken(): ?Token;
  getLastToken(): ?Token;

  // traversing to next/previous tokens (not only siblings)
  getNextToken(): ?Token;
  getPreviousToken(): ?Token;

  // Code properties
  type: string;
  isToken: boolean;
  isNode: boolean;
  isExpression: boolean;
  isStatement: boolean;
  isWhitespace: boolean;
  isFragment: boolean;
  isModuleDeclaration: boolean;
  isModuleSpecifier: boolean;

  // Code methods
  getSourceCode(): string;
  getSourceCodeLength(): number;

  // Mutation methods

  // appends child to the end of the `Element`
  appendChild(newElement: Element): void;
  // prepends child to the start of the `Element`
  prependChild(newElement: Element): void;
  // inserts child before `referenceChild`
  insertChildBefore(newElement: Element, referenceChild: Element): void;
  // replaces specified child interval (from `firstRefChild` to `lastRefChild`) with specified child.
  replaceChildren(newElement: Element, firstRefChild: Element, lastRefChild: Element): void;

  // Location methods
  getRange(): Range;
  getLoc(): Location;
}

declare class Token extends Element {
  // token value
  value: string;
}

type Range = [
  number, // start
  number  // end
];

type Position = {
  line: number,
  column: number
};

type Location = {
  start: Position,
  end: Position
};
Node extends Element. The Nodes are the "AST part of a CST". If you drop everything but Nodes from a CST, you will get a pure AST from the Node structure. So it is fair to say that Nodes provide the AST logic for a CST. Currently only Nodes can contain children.
The Node property isNode always returns true.
Token extends Element. The purpose of a CST is to have tokens in the tree. By only manipulating tokens, we can change code formatting without any effect on the behaviour.
The Token property isToken always returns true.
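The two claims above (dropping everything but Nodes leaves an AST, and editing only tokens changes formatting but not behaviour) can be checked on the page's `x = 0; if (x) x++;` example. The following is an added illustration, not the cst package's own code: the classes are a minimal stand-in for Element/Node/Token, the tree is built by hand, and the token type names (`Whitespace`, `Punctuator`, `Keyword`, `Numeric`) are assumptions.

```javascript
// Minimal model of the Element/Node/Token split. Illustrative only:
// this is not the cst package's code, and the type names are assumed.
class Token {
  constructor(type, value) { Object.assign(this, { type, value, isToken: true, isNode: false }); }
  get isWhitespace() { return this.type === 'Whitespace'; }
  getSourceCode() { return this.value; }
}
class Node {
  constructor(type, childElements) { Object.assign(this, { type, childElements, isToken: false, isNode: true }); }
  // A node's source is its children's source concatenated: nothing is lost.
  getSourceCode() {
    return this.childElements.map((c) => c.getSourceCode()).join('');
  }
}
const tok = (type, value) => new Token(type, value);
const ws = (value) => tok('Whitespace', value);
const p = (value) => tok('Punctuator', value);
const id = (name) => new Node('Identifier', [tok('Identifier', name)]);
// Hand-built tree for the page's example (constructed, not parser output).
function buildExample() {
  return new Node('Program', [
    new Node('ExpressionStatement', [
      new Node('AssignmentExpression', [id('x'), ws(' '), p('='), ws(' '),
        new Node('Literal', [tok('Numeric', '0')])]),
      p(';')]),
    ws('\n'),
    new Node('IfStatement', [tok('Keyword', 'if'), ws(' '), p('('), id('x'), p(')'), ws(' '),
      new Node('ExpressionStatement', [
        new Node('UpdateExpression', [id('x'), p('++')]), p(';')])]),
  ]);
}
// Depth-first list of every token under an element.
const tokens = (el) => (el.isToken ? [el] : el.childElements.flatMap(tokens));
// Drop every Token; the Nodes that remain form the AST shape.
const toAst = (el) => ({
  type: el.type,
  children: el.childElements.filter((c) => c.isNode).map(toAst),
});
// Values of the non-whitespace tokens, i.e. the part that affects behaviour.
const codeTokens = (el) =>
  tokens(el).filter((t) => !t.isWhitespace).map((t) => t.value);
// Reformat by editing whitespace tokens only; code tokens are never touched.
function reformat(tree) {
  for (const t of tokens(tree)) {
    if (t.isWhitespace) t.value = t.value.includes('\n') ? '\n\n' : '  ';
  }
  return tree;
}
```

Comparing `codeTokens(tree)` before and after a formatting pass is a cheap invariant for any tool that rewrites source files automatically: if the sequence differs, the pass changed more than layout.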
FAQs
JavaScript CST Implementation
The npm package cst receives a total of 0 weekly downloads. As such, cst popularity was classified as not popular.
We found that cst demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.