Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Visit evanup.io to see it in action.
npm install evanup
Evan's language constructs (aka semantics types, or sTypes for short) are structurally described in the description.json file.
As an example, a binary operation definition looks like this:

    "binary operation": {
      "properties": {
        "operator": { "type": "string" },
        "left": { "type": "any" },
        "right": { "type": "any" }
      }
    }

and here is an excerpt from an Evan program that uses this definition:

    "body": {
      "$sType": "if-then-else",
      "condition": {
        "$sType": "binary operation",
        "operator": "<",
        "left": {
          "$sType": "value reference",
          "name": "n"
        },
        "right": 2
      }

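Since evanup exchanges JSON programs between peers, a structural check against the sType definitions before evaluation is a natural guard. The sketch below is an added example, not code from the evan package: the "value reference" definition, the rule that every listed property must be present, and the use of `typeof` to interpret `"type"` are assumptions.

```javascript
// Added example, not the evan package's own code.
// "binary operation" is copied from the page; "value reference" is an assumed
// definition inferred from the excerpt, which the page does not show.
const description = {
  "binary operation": {
    properties: {
      operator: { type: "string" },
      left: { type: "any" },
      right: { type: "any" }
    }
  },
  "value reference": { properties: { name: { type: "string" } } } // assumed
};

// Own-property lookup, so names such as "constructor" never match inherited keys.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Walk a parsed JSON tree and return a list of structural problems.
function validate(node, path = "$", problems = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => validate(item, `${path}[${i}]`, problems));
    return problems;
  }
  if (node === null || typeof node !== "object") return problems; // plain value
  if (has(node, "$sType")) {
    const sType = node.$sType;
    if (!has(description, sType)) {
      problems.push(`${path}: unknown $sType ${JSON.stringify(sType)}`);
    } else {
      for (const [name, spec] of Object.entries(description[sType].properties)) {
        if (!has(node, name)) problems.push(`${path}: missing property "${name}"`);
        else if (spec.type !== "any" && typeof node[name] !== spec.type)
          problems.push(`${path}.${name}: expected ${spec.type}`);
      }
    }
  }
  for (const [key, value] of Object.entries(node)) {
    if (key !== "$sType") validate(value, `${path}.${key}`, problems);
  }
  return problems;
}

// The condition from the excerpt, and a constructed malformed node.
const condition = { $sType: "binary operation", operator: "<",
  left: { $sType: "value reference", name: "n" }, right: 2 };
const malformed = { $sType: "binary operation", operator: 1, left: { $sType: "eval" } };
console.log(validate(condition), validate(malformed));
```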
For Evan, JSON is chosen as the concrete syntax because it is a very well-known and supported format, and it's true.
But, of course, writing a program in JSON is tedious, uncomfortable and unproductive: after all, we'd be writing ASTs in a verbose form.
Enter evanup.io! evanup is a peer-to-peer, decentralized WebRTC client / projectional editor for building Evan programs with friends in real time.
It's built on top of many amazing technologies, one of which happens to be the Evan evaluator itself.
Evan "works" by providing the evaluator with any JSON input, and optionally an object table (external-objects).
The evaluator then tree-transforms this JSON according to the following rules:
$sType are processed by their respective evaluation function.
undefined (which corresponds loosely to e.g. Scala's None).

External Objects is Evan's way of interfacing with things outside any Evan program on its own. It's nothing more than a map/dictionary of names to objects, which expose functions. Using the semantics type object-function invocation, you can interact with functions on these objects.
To get started with development, clone this repository and run npm install or yarn.
evan FILE OPTIONS
Options:
  --semantics    Print TypeScript semantics.
  -v, --version  Show meta-model version.
  -h, --help     Show this message.
mit
FAQs
a vaguely lispy language in the context of javascript
The npm package evanup receives a total of 0 weekly downloads. As such, evanup popularity was classified as not popular.
We found that evanup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.