Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
defs
Static scope analysis and transpilation of ES6 block scoped const and let variables, to ES3.
defs.js
Static scope analysis and transpilation of ES6 block scoped const and let
variables, to ES3.
Node already supports const and let so you can use that today
(run node --harmony and "use strict"). defs.js enables you to do the same
for browser code. While developing you can rely on the experimental support
in Chrome (chrome://flags, check Enable experimental JavaScript). defs.js is
also a pretty decent static scope analyzer/linter.
Installation and usage
npm install -g defs
Then run it as defs file.js. The errors (if any) will go to stderr,
the transpiled source to stdout, so redirect it like defs file.js > output.js.
More command line options is coming.
Configuration
defs looks for a defs-config.json configuration file in your current
directory. It will search for it in parent directories soon as you'd expect.
Example defs-config.json:
{
"environments": ["node", "browser"],
"globals": {
"my": false,
"hat": true
},
"disallowVars": false,
"disallowDuplicated": true,
"disallowUnknownReferences": true
}
globals lets you list your program's globals, and indicate whether they are
writable (true) or read-only (false), just like jshint.
environments lets you import a set of pre-defined globals, here node and
browser. These default environments are borrowed from jshint (see
jshint_globals/vars.js).
disallowVars (defaults to false) can be enabled to make
usage of var an error.
disallowDuplicated (defaults to true) errors on duplicated
var definitions in the same function scope.
disallowUnknownReferences (defaults to true) errors on references to
unknown global variables.
Example
Input example.js:
"use strict";
function fn() {
const y = 0;
for (let x = 0; x < 10; x++) {
const y = x * 2;
const z = y;
}
console.log(y); // prints 0
}
fn();
Output from running defs example.js:
"use strict";
function fn() {
var y = 0;
for (var x = 0; x < 10; x++) {
var y$0 = x * 2;
var z = y$0;
}
console.log(y); // prints 0
}
fn();
License
MIT, see LICENSE file.
FAQs
Static scope analysis and transpilation of ES6 block scoped const and let variables, to ES3.
The npm package defs receives a total of 53,714 weekly downloads. As such, defs popularity was classified as popular.
We found that defs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Apr 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025
Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
By Sarah Gooding - Jan 24, 2025