New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

esfuzz

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

esfuzz

JS fuzzer for generative testing of parsers that implement the SpiderMonkey Reflect.parse API

  • 0.3.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
3
decreased by-84.21%
Maintainers
1
Weekly downloads
 
Created
Source

esfuzz

Fuzzer for generative testing of ECMAScript parsers, especially those that implement the SpiderMonkey Reflect.parse API.

Install

npm install -g esfuzz

Usage

CLI

$ esfuzz --help


  Usage: esfuzz OPT*

  -n, --iterations NUM  use at most NUM programs; default: unlimited
  -d, --max-depth NUM   create ASTs with a height no greater than NUM; default: 8
  --acorn               enable marijnh/acorn parser; default: on
  --es6                 allow ECMAScript 6 features in generated programs
  --esprima             enable ariya/esprima parser; default: on
  --help                display this help message and exit
  --reflect             enable Reflect.parse parser; default: on if it exists
  --reflectjs           enable zaach/reflect.js parser
  --uglifyjs            enable limited support for mishoo/UglifyJS2
  --version             display the version number and exit
  --zeparser            enable limited support for qfox/ZeParser

Module Interface

generate(options) -> SpiderMonkey_AST

Generate a random SpiderMonkey AST that represents a valid ECMAScript program. Available options:

  • maxDepth: create ASTs with a height no greater than this value
render(programAST, format) -> String (JS program)

Render a SpiderMonkey AST as an ECMAScript program. If the format argument is omitted, a random format will be used. Otherwise, the given object must be in the format of escodegen's format option.

fuzz(programAST, parsers) -> void

Takes a SpiderMonkey AST and a list of objects that have a parse method that obeys the SpiderMonkey Reflect.parse API. This function will generate concrete syntax and run it through each parser. If any of the parsers fail to parse the program, an error will be thrown.

fuzzAndRoundtrip(programAST, parsers) -> void

Identical to fuzz, except additionally compares the outputs of each parser to the generated program. If any of the parsers fail to parse the program or fail to generate an AST equivalent to the given one, an error will be thrown.

Keywords

FAQs

Package last updated on 03 Jul 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc