The esquery npm package is a tool for querying the abstract syntax tree (AST) of ECMAScript (JavaScript) code. It allows developers to find specific nodes within the AST using a CSS-like query syntax, making it easier to analyze and manipulate code structure programmatically.
Selecting nodes by type
This feature allows you to select all nodes of a specific type, such as all function declarations in the AST. The code sample demonstrates how to select all function declaration nodes.
esquery(ast, 'FunctionDeclaration');
Selecting nodes by attribute
You can select nodes based on their attributes, such as selecting all nodes where the name attribute is 'myFunction'. The code sample shows how to select nodes with a specific name.
esquery(ast, '[name="myFunction"]');
Pseudo-classes for node selection
Esquery supports pseudo-classes for more complex queries, such as selecting the second child node of every matched set. The code sample demonstrates selecting the second child node.
esquery(ast, ':nth-child(2)');
jscodeshift is a toolkit for running codemods over multiple JavaScript or TypeScript files. It uses a different approach than esquery by providing a more extensive API for transforming the AST but also supports querying the AST in a way similar to esquery.
acorn is a fast, small JavaScript parser that generates an abstract syntax tree (AST). While it doesn't offer querying capabilities like esquery, it's often used in conjunction with other tools to analyze and manipulate JavaScript code.
estraverse is a simple but powerful library for traversing and optionally modifying the AST of ECMAScript code. It doesn't use a query language like esquery but provides a programmatic way to navigate and manipulate nodes in the AST.
ESQuery is a library for querying the AST output by Esprima for patterns of syntax using a CSS style selector system. Check out the demo:
The following selectors are supported:
ForStatement
*
[attr]
[attr="foo"] or [attr=123]
[attr=/foo.*/]
[attr!="foo"], [attr>2], [attr<3], [attr>=2], or [attr<=3]
[attr.level2="foo"]
:first-child or :last-child
:nth-child(2)
:nth-last-child(1)
ancestor descendant
parent > child
node ~ sibling
node + adjacent
:not(ForStatement)
:matches([attr] > :first-child, :last-child)
IfStatement! > [name="foo"]
FAQs
A query library for ECMAScript AST using a CSS selector like query language.
The npm package esquery receives a total of 35,391,234 weekly downloads. As such, esquery popularity was classified as popular.
We found that esquery demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.