hermes-parser
A JavaScript parser built from the Hermes engine's parser compiled to WebAssembly. Can parse ES6, Flow, and JSX syntax.
The Hermes parser exposes a single `parse(code, [options])` function, where `code` is the source code to parse as a string, and `options` is an optional object that may contain the following properties:
- `boolean`, defaults to `false`. If `true`, output an AST conforming to Babel's AST format. If `false`, output an AST conforming to the ESTree AST format.
- `boolean`, defaults to `false`. If `true`, do not error on return statements found outside functions.
- `"all"` or `"detect"`, defaults to `"detect"`. If `"detect"`, only parse syntax as Flow syntax where it is ambiguous whether it is a Flow feature or regular JavaScript when the `@flow` pragma is present in the file. Otherwise if `"all"`, always parse ambiguous syntax as Flow syntax regardless of the presence of an `@flow` pragma. For example `foo<T>(x)` in a file without an `@flow` pragma will be parsed as two comparisons if set to `"detect"`, otherwise if set to `"all"` or the `@flow` pragma is included it will be parsed as a call expression with a type argument.
- `string`, defaults to `null`. The filename corresponding to the code that is to be parsed. If non-null, the filename will be added to all source locations in the output AST.
- `"module"`, `"script"`, or `"unambiguous"` (default). If `"unambiguous"`, source type will be automatically detected and set to `"module"` if any ES6 imports or exports are present in the code, otherwise source type will be set to `"script"`.
- `boolean`, defaults to `false`. If `true`, add all tokens to a `tokens` property on the root node.
FAQs
The npm package hermes-parser receives a total of 2,165,438 weekly downloads. As such, its popularity was classified as popular.
We found that hermes-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.