New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

gen-codemod

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

gen-codemod

Generate codemods by comparing two JavaScript files

latest
Source
npmnpm
Version
1.0.10
Version published
Maintainers
1
Created
Source

gen-codemod

Generate codemod by comparing two JavaScript files.

Usage

gen-codemod INITIAL.js DESIRED.js > my-transform.js

INITIAL.js is the initial, pre-codemod JavaScript you'd like to change.

DESIRED.js is the desired, post-codemod JavaScript you'd like to have.

gen-codemod compares these two files and creates a codemod to get from INITIAL.js to DESIRED.js.

Example

When upgrading from sinon.js v1 -> v2, every instance of sinon.stub(obj, method, fn) needs to be changed to sinon.stub(obj, method).andCallsFake(fn). We can generate this codemod as follows:

echo "sinon.stub(A, B, C)" > sinon-v1.js
echo "sinon.stub(A, B).andCallFake(C)" > sinon-v2.js
gen-codemod sinon-v1.js sinon-v2.js

Note: Single uppercase letters, such as A, B, C, etc, are used as variables and match any AST node.

This outputs:

module.exports = function(file, api) {
  const j = api.jscodeshift;

  const rootProperties = {
    type: 'CallExpression',
    callee: {
      type: 'MemberExpression',
      object: { type: 'Identifier', name: 'sinon' },
      property: { type: 'Identifier', name: 'stub' },
      computed: false
    },
    arguments: [{}, {}, {}]
  };

  function getTransform(path) {
    return j.callExpression(
      j.memberExpression(
        j.callExpression(
          j.memberExpression(
            j.identifier('sinon'),
            j.identifier('stub'),
            false
          ),
          [getANode(path), getBNode(path)]
        ),
        j.identifier('andCallsFake'),
        false
      ),
      [getCNode(path)]
    );
  }

  function getANode(path) {
    return path.node.arguments[0];
  }
  function getBNode(path) {
    return path.node.arguments[1];
  }
  function getCNode(path) {
    return path.node.arguments[2];
  }

  return j(file.source)
    .find(j.CallExpression, rootProperties)
    .replaceWith(getTransform)
    .toSource();
};

To run your codemod, use jscodeshift:

gen-codemod sinon-v1.js sinon-v2.js > my-transform.js
npx jscodeshift -t my-transform.js PROJECT_PATH

Install

npm i -g gen-codemod

Limitations

Can't change multiple AST expressions at once (only reads the first AST node from the initial / desired JavaScript files).

Keywords

codemod
refactor
generate
jscodeshift
ast
JavaScript

FAQs

Package last updated on 13 Feb 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026