Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
This is a library for comparing tables, producing a summary of their differences, and using such a summary as a patch file. It is optimized for comparing tables that share a common origin, in other words multiple versions of the "same" table.
For a live demo, see:
Install the library for your favorite language:
npm install daff -g # node/javascript
pip install daff # python
gem install daff # ruby
composer require paulfitz/daff-php # php
install.packages('daff') # R wrapper by Edwin de Jonge
bower install daff # web/javascript
Other translations are available here:
Or use the library to view csv diffs on github via a chrome extension:
The diff format used by daff
is specified here:
This library is a stripped down version of the coopy toolbox (see http://share.find.coop). To compare tables from different origins, or with automatically generated IDs, or other complications, check out the coopy toolbox.
You can run daff
/daff.py
/daff.rb
as a utility program:
$ daff
daff can produce and apply tabular diffs.
Call as:
daff [--output OUTPUT.csv] a.csv b.csv
daff [--output OUTPUT.csv] parent.csv a.csv b.csv
daff [--output OUTPUT.ndjson] a.ndjson b.ndjson
daff patch [--inplace] [--output OUTPUT.csv] a.csv patch.csv
daff merge [--inplace] [--output OUTPUT.csv] parent.csv a.csv b.csv
daff trim [--output OUTPUT.csv] source.csv
daff render [--output OUTPUT.html] diff.csv
daff git
daff version
The --inplace option to patch and merge will result in modification of a.csv.
If you need more control, here is the full list of flags:
daff diff [--output OUTPUT.csv] [--context NUM] [--all] [--act ACT] a.csv b.csv
--context NUM: show NUM rows of context
--all: do not prune unchanged rows
--act ACT: show only a certain kind of change (update, insert, delete)
daff diff --git path old-file old-hex old-mode new-file new-hex new-mode
--git: process arguments provided by git to diff drivers
daff render [--output OUTPUT.html] [--css CSS.css] [--fragment] [--plain] diff.csv
--css CSS.css: generate a suitable css file to go with the html
--fragment: generate just a html fragment rather than a page
--plain: do not use fancy utf8 characters to make arrows prettier
Formats supported are CSV, TSV, and ndjson.
Run daff git csv
to install daff as a diff and merge handler
for *.csv
files in your repository. Run daff git
for instructions
on doing this manually. Your CSV diffs and merges will get smarter,
since git will suddenly understand about rows and columns, not just lines:
You can use daff
as a library from any supported language. We take
here the example of Javascript. To use daff
on a webpage,
first include daff.js
:
<script src="daff.js"></script>
Or if using node outside the browser:
var daff = require('daff');
For concreteness, assume we have two versions of a table,
data1
and data2
:
var data1 = [
['Country','Capital'],
['Ireland','Dublin'],
['France','Paris'],
['Spain','Barcelona']
];
var data2 = [
['Country','Code','Capital'],
['Ireland','ie','Dublin'],
['France','fr','Paris'],
['Spain','es','Madrid'],
['Germany','de','Berlin']
];
To make those tables accessible to the library, we wrap them
in daff.TableView
:
var table1 = new daff.TableView(data1);
var table2 = new daff.TableView(data2);
We can now compute the alignment between the rows and columns in the two tables:
var alignment = daff.compareTables(table1,table2).align();
To produce a diff from the alignment, we first need a table for the output:
var data_diff = [];
var table_diff = new daff.TableView(data_diff);
Using default options for the diff:
var flags = new daff.CompareFlags();
var highlighter = new daff.TableDiff(alignment,flags);
highlighter.hilite(table_diff);
The diff is now in data_diff
in highlighter format, see
specification here:
[ [ '!', '', '+++', '' ],
[ '@@', 'Country', 'Code', 'Capital' ],
[ '+', 'Ireland', 'ie', 'Dublin' ],
[ '+', 'France', 'fr', 'Paris' ],
[ '->', 'Spain', 'es', 'Barcelona->Madrid' ],
[ '+++', 'Germany', 'de', 'Berlin' ] ]
For visualization, you may want to convert this to a HTML table with appropriate classes on cells so you can color-code inserts, deletes, updates, etc. You can do this with:
var diff2html = new daff.DiffRender();
diff2html.render(table_diff);
var table_diff_html = diff2html.html();
For 3-way differences (that is, comparing two tables given knowledge
of a common ancestor) use daff.compareTables3
(give ancestor
table as the first argument).
Here is how to apply that difference as a patch:
var patcher = new daff.HighlightPatch(table1,table_diff);
patcher.apply();
// table1 should now equal table2
For other languages, you should find sample code in the packages on the Releases page.
The daff
library is written in Haxe, which
can be translated reasonably well into at least the following languages:
daff
)Some translations are done for you on the
Releases page.
To make another translation, or to compile from source
first follow the Haxe getting started tutorial for the
language you care about. At the time of writing, if you are on OSX, you should
install haxe using brew install haxe --HEAD
. Then do one of:
make js
make php
make py
make java
make cs
make cpp
For each language, the daff
library expects to be handed an interface to tables you create, rather than creating them
itself. This is to avoid inefficient copies from one format to another. You'll find a SimpleTable
class you can use if
you find this awkward.
Other possibilities:
daff
classes at http://paulfitz.github.io/daff-doc/daff is distributed under the MIT License.
FAQs
Diff and patch tables
The npm package daff receives a total of 5,248 weekly downloads. As such, daff popularity was classified as popular.
We found that daff demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.