Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
groundskeeper
Advanced tools
Current Version: 0.1.12
This is a small utility to remove forgotten console
, debugger
and specific blocks of code from Javascript files.
It just happens that I forget a lot to remove console
statements when moving code to production... at the same time I like to do a lot of validations while in development enviroment, validations that are not really needed when in production mode.
This tool is exactly that tool that removes all those useless stuff.
Note: if you have any problems, take a look at the dev branch, but remember that branch is like pretty much beta.
If you're using UglifyJS2 then you most likely don't need this package at all.
You can just use the drop_debugger
and drop_console
to achieve the same effect.
If you're using the pragmas function, you might achieve the same effect using conditional compilation.
On the other hand if you don't use UglifyJS2 then go ahead and keep reading :)
The easiest way is to use npm
npm install groundskeeper -g
Pretty simple... dirty file goes in, clean file goes out:
in shell:
groundskeeper < dirty.js > clean.js
in javascript:
var fs = require('fs'),
groundskeeper = require('groundskeeper'),
file = fs.readFileSync('dirtyFile.js', 'utf8'),
cleaner = groundskeeper(options);
cleaner.write(file);
fs.writeFileSync('cleanFile.js', cleaner.toString(), 'utf8');
Streams are supported by groundskeeper, but not by esprima, if you really want to use Streams, make sure that your files are below 40960 bytes, still... the example:
var fs = require('fs'),
groundskeeper = require('groundskeeper'),
dirty = fs.createReadStream('dirty.js'),
clean = fs.createWriteStream('clean.js'),
cleaner = groundskeeper(options),
dirty.setEncoding('utf8');
dirty.pipe(cleaner).pipe(clean);
By default groundskeeper
removes all console
, debugger;
and pragmas that it founds, the following options allow you to specify what you want to keep:
in Javascript:
{
console: true, // Keep console logs
debugger: true // Keep debugger; statements
pragmas: ['validation', 'development'], // Keep pragmas with the following identifiers
namespace: ['App.logger', 'App.bucket'] // Besides console also remove function calls in the given namespace,
replace: '0' // For the ones who don't know how to write Javascript...
}
in Shell:
-p, --pragmas <names> comma-delimited <names> to keep, everything else is removed
-n, --namespace <names> comma-delimited <names> to remove, e.g.: `App.logger,App.bucket`
-d, --debugger [boolean] If true, it will keep `debbuger;` statements
-c, --console [boolean] If true, it keeps `console` statements
-r, --replace <string> If given it will replace every console with the given value
If you use your own logger utility, you can also remove those by specifying a namespace.
Assuming your utility is App.logger.log('yeyy')
groundskeeper -n App.logger.log < dirty.js > clean.js
If you have multiple functions (warn, count...) in that namespace you can specify App.logger
only to remove them all:
groundskeeper -n App.logger < dirty.js > clean.js
Note:
In certain cases, you can't remove the console
entirely, a pretty tipical case of that is:
if (condition) console.log("condition true");
else console.log("condition false")
// yeah... most cases happen when people don't use brackets...
After removing the console
statements the previous code becomes:
if (condition)
else
... which is illegal.
That's when you should use the replace
option by specifying a string, where the code becomes:
// assuming 'replace' = '0'
if (condition) '0'
else '0'
... which is harmless, not pretty, but harmless.
Pragmas
If you're wondering how to remove entire blocks of code, you can do that by using comments.
var clone = function (arr) {
//<validation>
if (Object.prototype.toString.call(arr) !== '[object Array]') {
throw new Error('Invalid argument given');
}
//</validation>
return arr.map(function (val) {});
};
Notice those comments? They specify a block code of validation, you can specify whatever name you wish, as long as you respect the format.
Tests are ran using mocha and jscoverage you can install mocha with npm install
, but you'll need to clone and install jscoverage from this repository
To issue the tests, take a look at the Makefile, but in short, it's just a matter of doing:
make test
If you want to see the code coverage, just write:
make lib-cov && make test-cov
Copyright (c) 2014 Luís Couto Licensed under the ISC License
FAQs
Pragmas and console statements remover
The npm package groundskeeper receives a total of 21 weekly downloads. As such, groundskeeper popularity was classified as not popular.
We found that groundskeeper demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.