hcl2-parser
This is an HCL version 2 parser for JavaScript. There are several other JS parsers for HCL, but none that support the newer HCL v2 syntax.
It wraps the very helpful tmccombs/hcl2json and calls the convert package in order to parse HCL input strings to JSON strings. The Go code in parser.go is converted to JS using GopherJS.
TypeScript definitions are included.
The module exports the following functions:
function parseToString(input: string): string
function parseToObject(input: string): any
Install as normal with NPM
npm install hcl2-parser
Importing into your project
// Good old fashioned Node.js CommonJS require
const hcl = require("hcl2-parser")
// Import with ES6 or TypeScript
import * as hcl from "hcl2-parser"
Simple example of usage
const hcl = require("hcl2-parser")
const hclString = `
# Create a resource group
variable "azureRegion" {
  type    = string
  default = "uksouth"
}
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = var.azureRegion
}
`
// Parse into a JSON string
const stringResult = hcl.parseToString(hclString)
console.log(stringResult)
// Parse into an object, the actual result is in array index 0 for reasons I don't understand
const objectResult = hcl.parseToObject(hclString)
console.log(objectResult[0].resource.azurerm_resource_group)
FAQs
HCL v2 parser for JavaScript
We found that hcl2-parser demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.