Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Currently in alpha.
Easy wrangling of JSON documents with GROQ in the command line.
The CLI tool consumes both JSON and NDJSON) documents. You can pass in data from a local file, or from piping to standard input.
Read the announcement blog post, and the getting started guide.
npm install --global groq-cli
This CLI requires Node v18 or later.
$ groq --help
Run GROQ in the command line
Usage
$ groq '*[<filter>]{<projection>}'
# Remember to alternate quotation marks inside of the query
Options
-i, --input One of: ndjson, json, null
-o, --output One of: ndjson, json, pretty, type-nodes
-p, --pretty Shortcut for --output=pretty
-n, --ndjson Shortcut for --input=ndjson --output=ndjson
-s, --schema Path to a schema file, only required when output is set to "type-nodes"
Input formats
json Reads a JSON object from stdin.
ndjson Reads a JSON stream from stdin.
null Reads nothing.
Output formats
json Formats the output as JSON.
pretty Formats the output as pretty JSON.
ndjson Streams the result as NDJSON.
Examples
# Query data in a file
$ cat blog.json | groq 'count(posts)'
# Query data in a NDJSON file
$ cat blog.ndjson | groq --input ndjson '*[_type == "post"]{title}'
# Query JSON data from an URL
$ curl -s https://jsonplaceholder.typicode.com/todos | groq --pretty '*[completed == false]{title}'
GROQ-cli isn't the only tool to work with JSON data in the command line. If it doesn't do exactly what you need, you can check out these other tools that might help you:
MIT – Copyright 2019–present Sanity Inc.
FAQs
Run GROQ in the command line
We found that groq-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 64 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.