Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
espree
Advanced tools
Package description
Espree is an actively-maintained JavaScript parsing library used to parse ECMAScript (JavaScript) code. It is built on top of Acorn, a high-performance, tiny JavaScript parser, and it adheres to the ECMAScript standard. Espree is often used in the context of development tools and frameworks to analyze and understand JavaScript code structure or to enable code transformation.
Parsing JavaScript code to an Abstract Syntax Tree (AST)
This feature allows developers to parse a string of JavaScript code into an AST, which can then be used for various static analysis tasks.
const espree = require('espree');
const ast = espree.parse('let x = 5;');
Parsing with specific ECMAScript version
Espree can parse code according to a specified ECMAScript version, allowing developers to work with features from different stages of JavaScript evolution.
const espree = require('espree');
const ast = espree.parse('let x = 5;', { ecmaVersion: 2020 });
Parsing with source type module
Espree can parse code written in module format, which includes the use of `import` and `export` statements.
const espree = require('espree');
const ast = espree.parse('export var x = 5;', { sourceType: 'module' });
Acorn is a small, fast, JavaScript-based JavaScript parser. Espree is based on Acorn, but Espree provides additional support for experimental ECMAScript features and ESLint-specific extensions.
Babel-parser (formerly known as @babel/parser) is a JavaScript parser used by Babel. It is similar to Espree but has a stronger focus on transforming and compiling JavaScript code to work with older browsers or environments.
Esprima is a high performance, standard-compliant ECMAScript parser. It is similar to Espree in its parsing capabilities but differs in its API and the fact that it does not extend Acorn.
Readme
Espree is an actively-maintained fork Esprima, a high performance, standard-compliant ECMAScript parser written in ECMAScript (also popularly known as JavaScript).
Install:
npm i espree --save
And in your Node.js code:
var espree = require("espree");
var ast = espree.parse(code);
There is a second argument to parse()
that allows you to specify various options:
var espree = require("espree");
var ast = espree.parse(code, {
// attach range information to each node
range: true,
// attach line/column location information to each node
loc: true,
// create a top-level comments array containing all comments
comments: true,
// attach comments to the closest relevant node as leadingComments and
// trailingComments
attachComment: true,
// create a top-level tokens array containing all tokens
tokens: true,
// try to continue parsing if an error is encountered, store errors in a
// top-level errors array
tolerant: true,
// specify parsing features (default only has blockBindings: true)
// setting this option replaces the default values
ecmaFeatures: {
// enable parsing of arrow functions
arrowFunctions: true,
// enable parsing of let/const
blockBindings: true,
// enable parsing of destructured arrays and objects
destructuring: true,
// enable parsing of regular expression y flag
regexYFlag: true,
// enable parsing of regular expression u flag
regexUFlag: true,
// enable parsing of template strings
templateStrings: true,
// enable parsing of binary literals
binaryLiterals: true,
// enable parsing of ES6 octal literals
octalLiterals: true,
// enable parsing unicode code point escape sequences
unicodeCodePointEscapes: true,
// enable parsing of default parameters
defaultParams: true,
// enable parsing of rest parameters
restParams: true,
// enable parsing of for-of statement
forOf: true,
// enable parsing computed object literal properties
objectLiteralComputedProperties: true,
// enable parsing of shorthand object literal methods
objectLiteralShorthandMethods: true,
// enable parsing of shorthand object literal properties
objectLiteralShorthandProperties: true,
// Allow duplicate object literal properties (except '__proto__')
objectLiteralDuplicateProperties: true,
// enable parsing of generators/yield
generators: true,
// enable parsing spread operator
spread: true,
// enable super in functions
superInFunctions: true,
// enable parsing classes
classes: true,
// enable parsing of new.target
newTarget: false,
// enable parsing of modules
modules: true,
// enable React JSX parsing
jsx: true,
// enable return in global scope
globalReturn: true,
// allow experimental object rest/spread
experimentalObjectRestSpread: true
}
});
Espree starts as a fork of Esprima v1.2.2, the last stable published released of Esprima before work on ECMAScript 6 began. Espree's first version is therefore v1.2.2 and is 100% compatible with Esprima v1.2.2 as a drop-in replacement. The version number will be incremented based on semantic versioning as features and bug fixes are added.
The immediate plans are:
ecmaVersion
property).The primary goal is to produce the exact same AST structure as Esprima and Acorn, and that takes precedence over anything else. (The AST structure being the ESTree API with JSX extensions.) Separate from that, Espree may deviate from what Esprima outputs in terms of where and how comments are attached, as well as what additional information is available on AST nodes. That is to say, Espree may add more things to the AST nodes than Esprima does but the overall AST structure produced will be the same.
Espree may also deviate from Esprima in the interface it exposes.
Espree will not do giant releases. Releases will happen periodically as changes are made and incremental releases will be made towards larger goals. For instance, we will not have one big release for ECMAScript 6 support. Instead, we will implement ECMAScript 6, piece-by-piece, hiding those pieces behind an ecmaFeatures
property that allows you to opt-in to use those features.
Issues and pull requests will be triaged and responded to as quickly as possible. We operate under the ESLint Contributor Guidelines, so please be sure to read them before contributing. If you're not sure where to dig in, check out the issues.
Espree is licensed under a permissive BSD 2-clause license.
npm test
- run all linting and testsnpm run lint
- run all lintingnpm run browserify
- creates a version of Espree that is usable in a browserIn an effort to help those wanting to transition from other parsers to Espree, the following is a list of noteworthy incompatibilities with other parsers. These are known differences that we do not intend to change.
ESLint has been relying on Esprima as its parser from the beginning. While that was fine when the JavaScript language was evolving slowly, the pace of development has increased dramatically and Esprima has fallen behind. ESLint, like many other tools reliant on Esprima, has been stuck in using new JavaScript language features until Esprima updates, and that has caused our users frustration.
We decided the only way for us to move forward was to create our own parser, bringing us inline with JSHint and JSLint, and allowing us to keep implementing new features as we need them. We chose to fork Esprima instead of starting from scratch in order to move as quickly as possible with a compatible API.
Yes. Since the start of ESLint, we've regularly filed bugs and feature requests with Esprima. Unfortunately, we've been unable to make much progress towards getting our needs addressed.
We are actively working with Esprima as part of its adoption by the jQuery Foundation. We are hoping to reconcile Espree with Esprima at some point in the future, but there are some different philosophies around how the projects work that need to be worked through. We're committed to a goal of merging Espree back into Esprima, or at the very least, to have Espree track Esprima as an upstream target so there's no duplication of effort. In the meantime, we will continue to update and maintain Espree.
esprima-fb
is Facebook's Esprima fork that features JSX and Flow type annotations. We tried working with esprima-fb
in our evaluation of how to support ECMAScript 6 and JSX in ESLint. Unfortunately, we were hampered by bugs that were part of Esprima (not necessarily Facebook's code). Since esprima-fb
tracks the Esprima Harmony branch, that means we still were unable to get fixes or features we needed in a timely manner.
Acorn is a great JavaScript parser that produces an AST that is compatible with Esprima. Unfortunately, ESLint relies on more than just the AST to do its job. It relies on Esprima's tokens and comment attachment features to get a complete picture of the source code. We investigated switching to Acorn, but the inconsistencies between Esprima and Acorn created too much work for a project like ESLint.
We expect there are other tools like ESLint that rely on more than just the AST produced by Esprima, and so a drop-in replacement will help those projects as well as ESLint.
All of them.
FAQs
An Esprima-compatible JavaScript parser built on Acorn
The npm package espree receives a total of 30,585,439 weekly downloads. As such, espree popularity was classified as popular.
We found that espree demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.