Forked from https://github.com/cyco130/detype. Since the original author has not processed the PR for a long time, a patch version has been released for the time being, until the original repo is active again.
npm i -g detypes
Suppose you have a library that you want to provide usage examples for. detypes can help you generate vanilla JavaScript samples from TypeScript samples automatically and remove the burden of maintaining two separate versions of what is essentially the same code.
It is a command line tool and a library that removes type annotations and other TypeScript-specific syntax constructs and outputs vanilla JavaScript without altering the source formatting too much. It supports .ts, .tsx, as well as .vue files.
In other words, it turns this:
import type { ParsedPath } from 'node:path'
let x: string
// This comment should be kept
// This comment should be deleted
// Ditto for this
interface Foo {
  // This should go too
  bar: number
}
// This comment should also be kept
export function bar(foo: Foo): Date {
  return new Date()
}
into this:
let x
// This comment should be kept
// This comment should also be kept
export function bar(foo) {
  return new Date()
}
The output is very close to hand-written JavaScript, especially if you were already using Prettier for formatting.
Doesn't tsc already do that?
There are lots of tools for transpiling TypeScript into plain JavaScript (tsc, babel, swc, esbuild, sucrase, etc.), but none of them is perfectly suitable for this specific use case. Most of them don't preserve the formatting at all. sucrase comes close, but it doesn't remove comments attached to TypeScript-only constructs.
detypes uses Babel, a small Babel plugin to remove comments attached to TypeScript-only constructs, and Prettier under the hood. For Vue files, it also uses the tools from the VueDX project.
Sometimes you want the generated JavaScript to be slightly different than the TypeScript original. You can use the magic comments feature to achieve this:
Input:
// @detypes: replace
// These two lines will be removed
console.log('Hello from TypeScript')
// @detypes: with
// // Notice the double comments!
// console.log("Hello from JavaScript");
// @detypes: end
Output:
// Notice the double comments!
console.log('Hello from JavaScript')
If you just want to remove the magic comments, you can use the -m CLI flag or the removeMagicComments function to generate uncluttered TypeScript like this:
// These two lines will be removed
console.log('Hello from TypeScript')
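The replace/with/end semantics shown above can be modelled with a small line-based state machine. This is an added example, not detypes' own code (the real tool parses with Babel and reformats with Prettier, so its output quoting differs); the function name applyMagicComments and the mode values "js" and "ts" are assumptions made for the illustration.

```javascript
// Marker lines as they appear in the README samples.
const MARKER = /^\s*\/\/\s*@detypes:\s*(replace|with|end)\s*$/;

// mode "js": keep the commented-out "with" branch, uncommented once.
// mode "ts": keep the "replace" branch and drop only the magic comments.
function applyMagicComments(source, mode) {
  const out = [];
  let state = 'outside'; // outside | replace | with
  source.split('\n').forEach((line, i) => {
    const m = MARKER.exec(line);
    if (m) {
      // Markers must arrive in the order replace -> with -> end.
      const expected = { replace: 'outside', with: 'replace', end: 'with' }[m[1]];
      if (state !== expected) {
        throw new Error(`line ${i + 1}: unexpected "@detypes: ${m[1]}"`);
      }
      state = { replace: 'replace', with: 'with', end: 'outside' }[m[1]];
      return;
    }
    if (state === 'outside') {
      out.push(line);
    } else if (state === 'replace') {
      if (mode === 'ts') out.push(line);
    } else if (mode === 'js') {
      // Strip exactly one leading "//" so doubled comments survive as comments.
      const un = /^(\s*)\/\/ ?(.*)$/.exec(line);
      if (!un) throw new Error(`line ${i + 1}: "with" branch must be commented out`);
      out.push(un[1] + un[2]);
    }
  });
  if (state !== 'outside') throw new Error('unterminated @detypes block');
  return out.join('\n');
}

// Constructed sample: the README's magic-comment input, embedded inline.
const SAMPLE = [
  '// @detypes: replace',
  '// These two lines will be removed',
  "console.log('Hello from TypeScript')",
  '// @detypes: with',
  '// // Notice the double comments!',
  '// console.log("Hello from JavaScript");',
  '// @detypes: end',
].join('\n');

console.log(applyMagicComments(SAMPLE, 'js'));
console.log(applyMagicComments(SAMPLE, 'ts'));
```

Unbalanced or out-of-order markers raise an error instead of silently dropping code, which is the behaviour you want when the generated JavaScript is published as documentation.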
detypes requires Node version 14.19.3 or later.
detypes [-m | --remove-magic-comments] <INPUT> [OUTPUT]
  INPUT   Input file or directory
  OUTPUT  Output file or directory
    (optional if it can be inferred and it won't overwrite the source file)
  -t, --remove-ts-comments
    Remove @ts-ignore and @ts-expect-error comments
  -m, --remove-magic-comments
    Remove magic comments only, don't perform ts > js transform
detypes [-v | --version]
  Print version and exit
detypes [-h | --help]
  Print this help and exit
// Transform TypeScript code into vanilla JavaScript without affecting the formatting
function transform(
  // Source code
  code: string,
  // File name for the source
  fileName: string,
  // Options to pass to prettier
  prettierOptions?: PrettierOptions | null,
): Promise<string>
// Transform the input file and write the output to another file
function transformFile(
  inputFileName: string,
  outputFileName: string,
): Promise<void>
// Remove magic comments without performing the TS to JS transform
export function removeMagicComments(
  // Source code
  code: string,
  // File name for the source
  fileName: string,
  // Options to pass to prettier
  prettierOptions?: PrettierOptions | null,
): string
// Remove magic comments from the input file and write the output to another file
export function removeMagicCommentsFromFile(
  inputFileName: string,
  outputFileName: string,
): Promise<void>
Fatih Aygün, under MIT License
FAQs
Removes TypeScript type annotations but keeps the formatting
We found that detypes demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.