Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
es-abstract
Advanced tools
The es-abstract npm package provides utility functions for ECMAScript language abstract operations. These operations are the fundamental building blocks of the ECMAScript specification, which JavaScript and other related languages are based on. The package includes methods for type conversion, manipulation of objects, and working with language semantics as defined in various ECMAScript editions.
Type Conversion
Converts a value to a number as per ECMAScript abstract operation ToNumber.
const ES = require('es-abstract');
const value = '123';
const number = ES.ToNumber(value);
Object Manipulation
Gets an array of the own enumerable property names of an object.
const ES = require('es-abstract');
const obj = { a: 1 };
const keys = ES.EnumerableOwnNames(obj);
Working with Language Semantics
Calls a given function with a specific this value and arguments list.
const ES = require('es-abstract');
const result = ES.Call(Function.prototype.toString, () => {});
Lodash is a popular utility library that offers a wide range of functions for manipulating objects, arrays, numbers, strings, etc. It is more focused on practical application development rather than strictly adhering to ECMAScript abstract operations.
Core-js is a modular standard library for JavaScript, which includes polyfills for ECMAScript features. It provides functionality similar to es-abstract in terms of implementing ECMAScript standards, but it also includes polyfills for newer language features.
ECMAScript spec abstract operations.
Every operation is available by edition/year and by name - for example, es-abstract/2020/Call
gives you the Call
operation from ES2020, es-abstract/5/Type
gives you the Type
operation from ES5.
All abstract operations are also available under an es5
/es2015
/es2016
/es2017
/es2018
/es2019
/es2020
/es2021
entry point, and as a property on the main
export, but using deep imports is highly encouraged for bundle size and performance reasons. Non-deep entry points will be removed in the next semver-major release.
var ES = require('es-abstract');
var assert = require('assert');
assert(ES.isCallable(function () {}));
assert(!ES.isCallable(/a/g));
Simply clone the repo, npm install
, and run npm test
Please email @ljharb or see https://tidelift.com/security if you have a potential security vulnerability to report.
FAQs
ECMAScript spec abstract operations.
We found that es-abstract demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.