Research
PyPI Package Impersonates SymPy to Deliver Cryptomining Malware
Malicious PyPI package sympy-dev targets SymPy users, a Python symbolic math library with 85 million monthly downloads.
By Kirill Boychenko -  Jan 21, 2026
🚀 Launch Week Day 2:Introducing Custom Tabs for Org Alerts.Learn More →
hackfile
Parser for the hackfile format
npm install hackfile
Format
The hackfile format is similar to a Makefile. There are two accepted formats:
{name}
{arg1}
{arg2}
...
{name} {arg1}
{arg2}
{arg3}
...
hackfiles can also be nested:
{name} {arg}
(indent){name} {arg}
(indent)(indent){arg}
(indent){arg}
...
Usage
Assuming you have a hackfile that looks like this
foo bar
bar echo c
echo d
bat
echo e
echo f
echo g
baz echo a b c d
The following example
var hackfile = require('hackfile')
var fs = require('fs')
var parsed = hackfile(fs.readFileSync('hackfile', 'utf-8'))
console.log(parsed)
Prints out
[ [ 'foo', [ 'bar' ] ],
[ 'bar', [ [ 'echo', [ 'c' ] ], [ 'echo', [ 'd' ] ] ] ],
[ 'bat', [ [ 'echo', [ 'e' ] ], [ 'echo', [ 'f' ] ], [ 'echo', [ 'g' ] ] ] ],
[ 'baz', [ [ 'echo', [ 'a b c d' ] ] ] ] ]
Nested Example
hackfile input:
pipeline foo
pipe
echo hello
transform
cat
run echo
hello
parser output:
[[
"pipeline", [
"foo", [
"pipe", [[
"echo", [
"hello"
]
],
"transform",
"cat"
]], [
"run", [
"echo",
"hello"
]]
]
]]
License
MIT
FAQs
Parser for the hackfile format
The npm package hackfile receives a total of 4 weekly downloads. As such, hackfile popularity was classified as not popular.
We found that hackfile demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 23 Jan 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js 25.4.0 Ships with Stable require(esm)
Node.js 25.4.0 makes require(esm) stable, formalizing CommonJS and ESM compatibility across supported Node versions.
By Sarah Gooding -  Jan 21, 2026
Product
Introducing Custom Tabs for Org Alerts
Create and share saved alert views with custom tabs on the org alerts page, making it easier for teams to return to consistent, named filter sets.
By André Staltz -  Jan 20, 2026