Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
es-abstract
Advanced tools
The es-abstract npm package provides utility functions for ECMAScript language abstract operations. These operations are the fundamental building blocks of the ECMAScript specification, which JavaScript and other related languages are based on. The package includes methods for type conversion, manipulation of objects, and working with language semantics as defined in various ECMAScript editions.
Type Conversion
Converts a value to a number as per ECMAScript abstract operation ToNumber.
const ES = require('es-abstract');
const value = '123';
const number = ES.ToNumber(value);
Object Manipulation
Gets an array of the own enumerable property names of an object.
const ES = require('es-abstract');
const obj = { a: 1 };
const keys = ES.EnumerableOwnNames(obj);
Working with Language Semantics
Calls a given function with a specific this value and arguments list.
const ES = require('es-abstract');
const result = ES.Call(Function.prototype.toString, () => {});
Lodash is a popular utility library that offers a wide range of functions for manipulating objects, arrays, numbers, strings, etc. It is more focused on practical application development rather than strictly adhering to ECMAScript abstract operations.
Core-js is a modular standard library for JavaScript, which includes polyfills for ECMAScript features. It provides functionality similar to es-abstract in terms of implementing ECMAScript standards, but it also includes polyfills for newer language features.
ECMAScript spec abstract operations.
Every operation is available by edition/year and by name - for example, es-abstract/2020/Call
gives you the Call
operation from ES2020, es-abstract/5/Type
gives you the Type
operation from ES5.
All abstract operations are also available under an es5
/es2015
/es2016
/es2017
/es2018
/es2019
/es2020
/es2021
entry point, and as a property on the main
export, but using deep imports is highly encouraged for bundle size and performance reasons. Non-deep entry points will be removed in the next semver-major release.
var ES = require('es-abstract');
var assert = require('assert');
assert(ES.isCallable(function () {}));
assert(!ES.isCallable(/a/g));
Simply clone the repo, npm install
, and run npm test
Please email @ljharb or see https://tidelift.com/security if you have a potential security vulnerability to report.
FAQs
ECMAScript spec abstract operations.
The npm package es-abstract receives a total of 24,188,427 weekly downloads. As such, es-abstract popularity was classified as popular.
We found that es-abstract demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.