Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
DOM-like wrapper around the Javascript AST
$ npm install eselement --save
// amd2cjs.js
// convert AMD modules to CommonJS.
var fs = require("fs");
var eselement = require("eselement");
var content = fs.readFileSync(process.argv[2])
, program = eselement.createElement(content);
var define = program.querySelector("CallExpression[callee.name='define']");
if (define) {
var arr = define.arguments[0]
, fn = define.arguments[1];
var libs = arr.elements.map(function (e) { return e.value })
, names = fn.params.map(function (p) { return p.name; })
, body = fn.body.body;
define.parentElement.removeChild(define);
libs.forEach(function (lib, i) {
var el = names[i] ? eselement.createElement("var " + names[i] + " = require('" + lib + "')")
: eselement.createElement("require('" + lib + "')");
program.appendChild("body", el);
});
program.appendChild("body", body);
console.log(program.outerCode());
}
$ cat amd_module.js
define(["crypto"], function (crypto) {
var ciphers = crypto.getCiphers();
console.log(ciphers);
});
$ node amd2cjs.js amd_module.js
var crypto = require('crypto');
var ciphers = crypto.getCiphers();
console.log(ciphers);
Creates and element from either Javascript code or Mozilla Parser AST.
All attributes from the AST are copied onto the Element, for example
an element of type Program
will have an attribute body
.
A reference to the Elements parent, if it has no parent it's null
.
A string denoting the attribute on the parent in which this element is in.
Get all children of an element.
Get the first child of an element.
Get the last child of an element.
Select elements using esquery.
Select the first matching element using esquery.
Sets the attribute attribute
to value
. Does checking to see if
value
is of the correct type for attribute
.
Append child
to element attribute attribute
.
Remove child
from element.
Replace oldChild
with newChild
in element.
Return a clone of element.
Return the AST for element.
Return the javascript code for element.
0.1.3 (2015-03-26)
setAttribute
to Element.FAQs
DOM-like wrapper around the Javascript AST
The npm package eselement receives a total of 20 weekly downloads. As such, eselement popularity was classified as not popular.
We found that eselement demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.