Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
escallmatch
Advanced tools
escallmatch
ECMAScript CallExpression matcher made from function/method signature
EXAMPLE
Creating CallExpression matcher for method signature 'assert.equal(actual, expected, [message])'.
Then match against path/to/some_test.js.
var escallmatch = require('escallmatch');
var esprima = require('esprima');
var estraverse = require('estraverse');
var fs = require('fs');
var matcher = escallmatch('assert.equal(actual, expected, [message])');
estraverse.traverse(esprima.parse(fs.readFileSync('path/to/some_test.js')), {
enter: function (currentNode, parentNode) {
if (matcher.test(currentNode)) {
// currentNode is a CallExpression that matches to the signature
}
var argMatched = matcher.matchArgument(currentNode, parentNode);
if (argMatched) {
if (argMatched.kind === 'mandatory') {
// mandatory arg (in this case, `actual` or `expected`)
} else if (argMatched.kind === 'optional') {
// optional arg (in this case, `message`)
}
}
}
});
where content of path/to/some_test.js is:
var assert = require('assert');
var anotherAssert = assert;
var equal = assert.equal.bind(assert);
var foo = '2';
var bar = 2;
assert.equal(foo, bar); // matches
assert.equal(bar, foo); // matches
assert.equal(foo, bar, 'foo shoule be equal to bar'); // matches (with optional arg)
assert.equal(); // does not match (less args)
assert.equal(foo); // does not match (less args)
assert.equal(foo, bar, 'hoge', 'fuga'); // does not match (too much args)
assert.notEqual(foo, bar); // does not match (callee method name differs)
anotherAssert.equal(foo, bar); // does not match (callee object name differs)
equal(foo, bar); // does not match (callee does not match)
escallmatch is a spin-off product of power-assert project.
Pull-requests, issue reports and patches are always welcomed.
API
var matcher = escallmatch(signatureStr, [options])
Create matcher object for a given function/method signature string.
var matcher = escallmatch('assert.equal(actual, expected, [message])');
Any arguments enclosed in bracket (for example, [message]) means optional parameters. Without bracket means mandatory parameters.
Returns matcher object having four methods, test, matchArgument, calleeAst, and argumentSignatures.
options
an object for configuration options. If not passed, default options will be used.
options.visitorKeys
| type | default value |
|---|---|
object | (return value of estraverse.VisitorKeys) |
VisitorKeys for AST traversal. See estraverse.VisitorKeys and babel.types.VISITOR_KEYS.
options.astWhiteList
| type | default value |
|---|---|
object | N/A |
Type and property whitelist on creating AST clone. astWhiteList is an object containing NodeType as keys and properties as values.
{
ArrayExpression: ['type', 'elements'],
ArrayPattern: ['type', 'elements'],
ArrowFunctionExpression: ['type', 'id', 'params', 'body', 'generator', 'expression'],
AssignmentExpression: ['type', 'operator', 'left', 'right'],
...
var isMatched = matcher.test(node)
Tests whether node matches the signature or not.
- Returns
trueif matched. - Returns
falseif not matched.
node should be an AST node object defined in Mozilla JavaScript AST spec.
var argMatched = matcher.matchArgument(node, parentNode)
Returns match result object representing whether node (and its parentNode) matches some argument of the signature or not.
- Returns
nullif not matched. - If matched, returns object like
{name: 'actual', kind: 'mandatory'}, whosenameis an argument name in the signature andkindis'mandatory'or'optional'.
node and parentNode should be AST node objects defined in Mozilla JavaScript AST spec.
var calleeAst = matcher.calleeAst()
Returns clone of callee AST object based on signature passed to escallmatch function. Returned tree is one of AST node objects defined in Mozilla JavaScript AST spec (in most cases, Identifier or MemberExpression).
var argSigs = matcher.argumentSignatures()
Returns array of argument signature objects based on signature passed to escallmatch function. Returns array of objects like [{name: 'actual', kind: 'mandatory'}], whose name is an argument name in the signature and kind is 'mandatory' or 'optional'.
INSTALL
via npm
Install
$ npm install --save escallmatch
via bower
Install
$ bower install --save escallmatch
Then load (escallmatch function is exported)
<script type="text/javascript" src="./path/to/bower_components/escallmatch/build/escallmatch.js"></script>
CHANGELOG
See CHANGELOG
AUTHOR
LICENSE
Licensed under the MIT license.
Keywords
FAQs
ECMAScript CallExpression matcher made from function/method signature
The npm package escallmatch receives a total of 27,879 weekly downloads. As such, escallmatch popularity was classified as popular.
We found that escallmatch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 Aug 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026