esquery
Package description
The esquery npm package is a tool for querying the abstract syntax tree (AST) of ECMAScript (JavaScript) code. It allows developers to find specific nodes within the AST using a CSS-like query syntax, making it easier to analyze and manipulate code structure programmatically.
Selecting nodes by type
This feature allows you to select all nodes of a specific type, such as all function declarations in the AST. The code sample demonstrates how to select all function declaration nodes.
esquery(ast, 'FunctionDeclaration');
Selecting nodes by attribute
You can select nodes based on their attributes, such as selecting all nodes where the name attribute is 'myFunction'. The code sample shows how to select nodes with a specific name.
esquery(ast, '[name="myFunction"]');
Pseudo-classes for node selection
esquery supports pseudo-classes for more complex queries, such as selecting every node that is the second child of its parent. The code sample demonstrates selecting the second child node.
esquery(ast, ':nth-child(2)');
jscodeshift is a toolkit for running codemods over multiple JavaScript or TypeScript files. It uses a different approach than esquery by providing a more extensive API for transforming the AST but also supports querying the AST in a way similar to esquery.
acorn is a fast, small JavaScript parser that generates an abstract syntax tree (AST). While it doesn't offer querying capabilities like esquery, it's often used in conjunction with other tools to analyze and manipulate JavaScript code.
estraverse is a simple but powerful library for traversing and optionally modifying the AST of ECMAScript code. It doesn't use a query language like esquery but provides a programmatic way to navigate and manipulate nodes in the AST.
Readme
ESQuery is a library for querying the AST output by Esprima for patterns of syntax using a CSS style selector system. Check out the demo:
The following selectors are supported:
ForStatement
*
[attr]
[attr="foo"] or [attr=123]
[attr=/foo.*/] or (with flags) [attr=/foo.*/is]
[attr!="foo"], [attr>2], [attr<3], [attr>=2], or [attr<=3]
[attr.level2="foo"]
FunctionDeclaration > Identifier.id
:first-child or :last-child
:nth-child(2)
:nth-last-child(1)
ancestor descendant
parent > child
node ~ sibling
node + adjacent
:not(ForStatement)
:has(ForStatement)
:matches([attr] > :first-child, :last-child)
!IfStatement > [name="foo"]
:statement, :expression, :declaration, :function, or :pattern
FAQs
A query library for ECMAScript AST using a CSS selector like query language.
The npm package esquery receives a total of 25,896,575 weekly downloads. As such, esquery's popularity is classified as popular.
We found that esquery has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.