Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
estree-util-to-js
Advanced tools
estree (and esast) utility to serialize estrees as JavaScript.
This package is a utility that turns an estree syntax tree into a string of JavaScript.
You can use this utility when you want to get the serialized JavaScript that is represented by the syntax tree, either because you’re done with the syntax tree, or because you’re integrating with another tool that does not support syntax trees.
This utility is particularly useful when integrating with other unified tools, such as unist and vfile.
The utility esast-util-from-js
does the inverse of this
utility.
It turns JS into esast.
This package is ESM only. In Node.js (version 16+), install with npm:
npm install estree-util-to-js
In Deno with esm.sh
:
import {toJs} from 'https://esm.sh/estree-util-to-js@2'
In browsers with esm.sh
:
<script type="module">
import {toJs} from 'https://esm.sh/estree-util-to-js@2?bundle'
</script>
import fs from 'node:fs/promises'
import {parse} from 'acorn'
import {toJs} from 'estree-util-to-js'
const file = String(await fs.readFile('index.js'))
const tree = parse(file, {ecmaVersion: 2022, sourceType: 'module', locations: true})
// @ts-expect-error: acorn is funky but it works fine.
console.log(toJs(tree))
Yields:
{
value: "export {toJs} from './lib/index.js';\nexport {jsx} from './lib/jsx.js';\n",
map: undefined
}
This package exports the identifiers jsx
and toJs
.
There is no default export.
toJs(tree[, options])
Serialize an estree as JavaScript.
Result, optionally with source map (Result
).
jsx
Map of handlers to handle the nodes of JSX extensions in JavaScript
(Handlers
).
Handler
Handle a particular node (TypeScript type).
this
(Generator
)
— astring
generatornode
(Node
)
— node to serializestate
(State
)
— info passed aroundNothing (undefined
).
Handlers
Handlers of nodes (TypeScript type).
type Handlers = Partial<Record<Node['type'], Handler>>
Map
Raw source map from source-map
(TypeScript type).
Options
Configuration (TypeScript type).
SourceMapGenerator
(SourceMapGenerator
)
— generate a source map with this classfilePath
(string
)
— path to original input filehandlers
(Handlers
)
— extra handlersResult
Result (TypeScript type).
value
(string
)
— serialized JavaScriptmap
(Map
or undefined
)
— source map as (parsed) JSONState
State from astring
(TypeScript type).
Source maps are supported when passing the SourceMapGenerator
class from
source-map
.
You should also pass filePath
.
Modified example from § Use above:
import fs from 'node:fs/promises'
import {parse} from 'acorn'
+import {SourceMapGenerator} from 'source-map'
import {toJs} from 'estree-util-to-js'
-const file = String(await fs.readFile('index.js'))
+const filePath = 'index.js'
+const file = String(await fs.readFile(filePath))
const tree = parse(file, {
ecmaVersion: 2022,
@@ -11,4 +13,4 @@ const tree = parse(file, {
})
// @ts-expect-error: acorn is funky but it works fine.
-console.log(toJs(tree))
+console.log(toJs(tree, {filePath, SourceMapGenerator}))
Yields:
{
value: "export {toJs} from './lib/index.js';\nexport {jsx} from './lib/jsx.js';\n",
map: {
version: 3,
sources: [ 'index.js' ],
names: [],
mappings: 'QAOQ,WAAW;QACX,UAAU',
file: 'index.js'
}
}
To get comments to work, they have to be inside the tree.
This is not done by Acorn.
estree-util-attach-comments
can do that.
Modified example from § Use above:
import fs from 'node:fs/promises'
import {parse} from 'acorn'
+import {attachComments} from 'estree-util-attach-comments'
import {toJs} from 'estree-util-to-js'
const file = String(await fs.readFile('index.js'))
+/** @type {Array<import('estree-jsx').Comment>} */
+const comments = []
const tree = parse(file, {
ecmaVersion: 2022,
sourceType: 'module',
- locations: true
+ locations: true,
+ // @ts-expect-error: acorn is funky these comments are fine.
+ onComment: comments
})
+attachComments(tree, comments)
// @ts-expect-error: acorn is funky but it works fine.
console.log(toJs(tree))
Yields:
{
value: '/**\n' +
"* @typedef {import('./lib/index.js').Options} Options\n" +
"* @typedef {import('./lib/types.js').Handler} Handler\n" +
"* @typedef {import('./lib/types.js').Handlers} Handlers\n" +
"* @typedef {import('./lib/types.js').State} State\n" +
'*/\n' +
"export {toJs} from './lib/index.js';\n" +
"export {jsx} from './lib/jsx.js';\n",
map: undefined
}
To get JSX to work, handlers need to be registered.
This is not done by default, but they are exported as jsx
and can be passed.
Modified example from § Use above:
import fs from 'node:fs/promises'
-import {parse} from 'acorn'
-import {toJs} from 'estree-util-to-js'
+import {Parser} from 'acorn'
+import acornJsx from 'acorn-jsx'
+import {jsx, toJs} from 'estree-util-to-js'
-const file = String(await fs.readFile('index.js'))
+const file = '<>{1 + 1}</>'
-const tree = parse(file, {
+const tree = Parser.extend(acornJsx()).parse(file, {
ecmaVersion: 2022,
sourceType: 'module',
locations: true
})
// @ts-expect-error: acorn is funky but it works fine.
-console.log(toJs(tree))
+console.log(toJs(tree, {handlers: jsx}))
Yields:
{ value: '<>{1 + 1}</>;\n', map: undefined }
This package is fully typed with TypeScript.
It exports the additional types Handler
,
Handlers
,
Map
,
Options
,
Result
, and
State
.
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line, estree-util-to-js@^2
,
compatible with Node.js 16.
See contributing.md
in syntax-tree/.github
for
ways to get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
estree (and esast) utility to serialize to JavaScript
We found that estree-util-to-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.