Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
The espurify npm package is used to create a deep copy of an ESTree-compliant AST (Abstract Syntax Tree) while removing extra properties that are not part of the ESTree specification. This is useful for ensuring that ASTs are standardized and can be used in various tools and libraries that expect a clean, compliant AST.
Deep Copy of ESTree AST
This feature allows you to create a deep copy of an ESTree-compliant AST while removing any extra properties that are not part of the ESTree specification. The code sample demonstrates parsing JavaScript code into an AST using Acorn, and then purifying that AST using espurify.
const espurify = require('espurify');
const acorn = require('acorn');
const code = 'const x = 42;';
const ast = acorn.parse(code, { ecmaVersion: 2020 });
const purifiedAst = espurify(ast);
console.log(JSON.stringify(purifiedAst, null, 2));
Estraverse is a package for traversing and manipulating ESTree-compliant ASTs. While it does not specifically purify ASTs by removing non-standard properties, it provides powerful traversal and manipulation capabilities that can be used in conjunction with espurify.
Escodegen is a package for generating JavaScript code from an ESTree-compliant AST. It focuses on code generation rather than purification, but it can be used to regenerate code from a purified AST created by espurify.
Esprima is a high-performance, standard-compliant JavaScript parser that produces ESTree-compliant ASTs. While it does not purify ASTs, it can be used to generate the initial AST that can then be purified using espurify.
Clone AST without extra properties
Returns new clone of originalAst
but without extra properties.
Leaves properties defined in The ESTree Spec (formerly known as Mozilla SpiderMonkey Parser API) only. Also note that extra informations (such as loc
, range
and raw
) are eliminated too.
(note: using espurify
as a default exported function is deprecated in favor of named exports aiming ESM era, and will be removed in future major releases)
Returns customized function for cloning AST, with user-provided allowList
.
(note: espurify.cloneWithWhitelist
is still exported but deprecated in favor of more inclusive language and will be removed in future major releases)
Returns new clone of originalAst
by customized function.
type | default value |
---|---|
object | N/A |
allowList
is an object containing NodeType as keys and properties as values.
{
ArrayExpression: ['type', 'elements'],
ArrayPattern: ['type', 'elements'],
ArrowFunctionExpression: ['type', 'id', 'params', 'body', 'generator', 'expression'],
AssignmentExpression: ['type', 'operator', 'left', 'right'],
...
Returns customized function for cloning AST, configured by custom options
.
Returns new clone of originalAst
by customized function.
type | default value |
---|---|
object | {} |
Configuration options. If not passed, default options will be used.
type | default value |
---|---|
string or number | 2025 |
Indicates the ECMAScript version to clone. Must be either 5, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024, 2025.
type | default value |
---|---|
array of string | null |
List of extra properties to be left in result AST. For example, functions returned by espurify.customize({extra: ['raw']})
will preserve raw
properties of Literal
. Functions return by espurify.customize({extra: ['loc', 'range']})
will preserve loc
and range
properties of each Node.
const espurify = require('espurify');
const estraverse = require('estraverse');
const acorn = require('acorn');
const syntax = estraverse.Syntax;
const assert = require('assert');
const jsCode = 'assert("foo")';
// Adding extra informations to AST
const originalAst = acorn.parse(jsCode, { locations: true, ranges: true, ecmaVersion: 2022 });
estraverse.replace(originalAst, {
leave: function (currentNode, parentNode) {
if (currentNode.type === syntax.Literal && typeof currentNode.raw !== 'undefined') {
currentNode['x-verbatim-bar'] = {
content : currentNode.raw,
precedence : 18 // escodegen.Precedence.Primary
};
return currentNode;
} else {
return undefined;
}
}
});
// purify AST
const purifiedClone = espurify.purifyAst(originalAst);
// Extra properties are eliminated from cloned AST
assert.deepEqual(purifiedClone, {
type: 'Program',
body: [
{
type: 'ExpressionStatement',
expression: {
type: 'CallExpression',
callee: {
type: 'Identifier',
name: 'assert'
},
arguments: [
{
type: 'Literal',
value: 'foo'
}
],
optional: false
}
}
],
sourceType: 'script'
});
// original AST is not modified
assert.deepEqual(originalAst,{
type: 'Program',
start: 0,
end: 13,
loc: {
start: {
line: 1,
column: 0
},
end: {
line: 1,
column: 13
}
},
range: [
0,
13
],
body: [
{
type: 'ExpressionStatement',
start: 0,
end: 13,
loc: {
start: {
line: 1,
column: 0
},
end: {
line: 1,
column: 13
}
},
range: [
0,
13
],
expression: {
type: 'CallExpression',
start: 0,
end: 13,
loc: {
start: {
line: 1,
column: 0
},
end: {
line: 1,
column: 13
}
},
range: [
0,
13
],
callee: {
type: 'Identifier',
start: 0,
end: 6,
loc: {
start: {
line: 1,
column: 0
},
end: {
line: 1,
column: 6
}
},
range: [
0,
6
],
name: 'assert'
},
arguments: [
{
type: 'Literal',
start: 7,
end: 12,
loc: {
start: {
line: 1,
column: 7
},
end: {
line: 1,
column: 12
}
},
range: [
7,
12
],
value: 'foo',
raw: '"foo"',
"x-verbatim-bar": {
content: '"foo"',
precedence: 18
}
}
],
optional: false
}
}
],
sourceType: 'script'
});
Install
$ npm install --save espurify
Use
const espurify = require('espurify');
Licensed under the MIT license.
FAQs
Clone AST without extra properties
The npm package espurify receives a total of 288,101 weekly downloads. As such, espurify popularity was classified as popular.
We found that espurify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.