Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
grasp-squery
Advanced tools
A query engine for grasp - use CSS style selectors to query your JavaScript AST.
For documentation on the selector format, see the grasp page on squery.
See also the other query engine for grasp: equery.
Initially derived from esquery.
Add grasp-squery
to your package.json
, and then require it: var squery = require('grasp-squery);
.
The squery
object exposes five properties: three functions, parse
, queryParsed
, query
, a constructor, Cache
, and the version string as VERSION
.
Use parse(selector)
to parse a string selector into a parsed selector.
Use queryParsed(parsedSelector, ast)
to query your parsed selector.
query(selector, ast)
is shorthand for doing queryParsed(parse(selector), ast)
.
The AST must be in the Mozilla SpiderMonkey AST format - you can use acorn to parse a JavaScript file into the format.
If you are using one selector for multiple ASTs, parse it first, and then feed the parsed version to queryParsed
. If you are only using the selector once, just use query
.
Both queryParsed
and query
take an optional third parameter cache
. A cache is automatically created from the AST you supply if you do not supply a cache. You can create your own cache by calling the Cache
constructor with your AST.
FAQs
Grasp query backend using css style selectors
We found that grasp-squery demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.