hermes-parser
Package description
The hermes-parser npm package is a JavaScript parser that generates an Abstract Syntax Tree (AST) from JavaScript code. It is designed to be fast and efficient, making it suitable for use in development tools, linters, and other applications that need to analyze or transform JavaScript code.
Parsing JavaScript Code
This feature allows you to parse JavaScript code into an Abstract Syntax Tree (AST). The code sample demonstrates how to use the hermes-parser to parse a simple JavaScript statement and output the resulting AST.
const hermesParser = require('hermes-parser');
const code = 'const x = 42;';
const ast = hermesParser.parse(code);
console.log(JSON.stringify(ast, null, 2));
Customizing Parser Options
This feature allows you to customize the parser options, such as specifying the source type (script or module). The code sample shows how to parse JavaScript code as a module.
const hermesParser = require('hermes-parser');
const code = 'const x = 42;';
const options = { sourceType: 'module' };
const ast = hermesParser.parse(code, options);
console.log(JSON.stringify(ast, null, 2));
Handling Syntax Errors
This feature demonstrates how to handle syntax errors during parsing. The code sample shows how to catch and handle a syntax error when parsing invalid JavaScript code.
const hermesParser = require('hermes-parser');
const code = 'const x = ;';
try {
  const ast = hermesParser.parse(code);
} catch (error) {
  console.error('Syntax error:', error.message);
}
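The description above names linters and development tools as the intended consumers of the AST. As an added example (not code from the hermes-parser project), the walker below scans an ESTree-format tree, the default output format of parse, for calls a dependency reviewer would flag. The names findRiskyCalls, walk and RISKY_MODULES are hypothetical, and the sample tree is hand-constructed in ESTree shape so the block runs without the package installed.

```javascript
// Added example: findRiskyCalls, walk and RISKY_MODULES are hypothetical names.
const RISKY_MODULES = new Set(['child_process', 'vm']);

// Depth-first walk over any ESTree-shaped object graph.
function walk(node, visit) {
  if (!node || typeof node !== 'object') return;
  if (Array.isArray(node)) {
    node.forEach((child) => walk(child, visit));
    return;
  }
  if (typeof node.type === 'string') visit(node);
  for (const key of Object.keys(node)) {
    if (key === 'loc' || key === 'range' || key === 'parent') continue;
    walk(node[key], visit);
  }
}

// Returns one label per eval(), new Function() or require() of a risky module.
function findRiskyCalls(ast) {
  const findings = [];
  walk(ast, (node) => {
    const callee = node.callee;
    if (!callee || callee.type !== 'Identifier') return;
    if (node.type === 'NewExpression' && callee.name === 'Function') {
      findings.push('new Function');
    }
    if (node.type !== 'CallExpression') return;
    if (callee.name === 'eval') findings.push('eval');
    const arg = node.arguments[0];
    if (callee.name === 'require' && arg && arg.type === 'Literal' &&
        RISKY_MODULES.has(arg.value)) {
      findings.push(`require:${arg.value}`);
    }
  });
  return findings;
}

// Constructed sample: hand-written ESTree for
//   const cp = require('child_process'); eval(input);
const id = (name) => ({ type: 'Identifier', name });
const call = (name, arg) => ({ type: 'CallExpression', callee: id(name), arguments: [arg] });
const SAMPLE_AST = {
  type: 'Program',
  body: [
    { type: 'VariableDeclaration', kind: 'const', declarations: [
      { type: 'VariableDeclarator', id: id('cp'),
        init: call('require', { type: 'Literal', value: 'child_process' }) }] },
    { type: 'ExpressionStatement', expression: call('eval', id('input')) },
  ],
};
```

With the package installed, findRiskyCalls(hermesParser.parse(source)) applies the same check to real code. The walker only matches direct identifier calls, so aliased or member-expression calls need additional rules.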
Acorn is a small, fast, JavaScript-based parser that generates an AST. It is highly modular and can be extended with plugins. Compared to hermes-parser, Acorn is more widely used and has a larger ecosystem of plugins and tools.
Esprima is a high-performance, standard-compliant ECMAScript parser. It is known for its accuracy and reliability in parsing JavaScript code. Esprima is similar to hermes-parser in terms of functionality but is more established and has been used in many popular projects.
Babel-parser (formerly Babylon) is the parser used by Babel. It supports the latest ECMAScript features and JSX syntax. Babel-parser is more feature-rich compared to hermes-parser, as it is designed to work with Babel's extensive plugin system for transforming JavaScript code.
Readme
A JavaScript parser built from the Hermes engine's parser compiled to WebAssembly. Can parse ES6, Flow, and JSX syntax.
The Hermes parser exposes a single parse(code, [options]) function, where code is the source code to parse as a string, and options is an optional object that may contain the following properties:
- babel: boolean, defaults to false. If true, output an AST conforming to Babel's AST format. If false, output an AST conforming to the ESTree AST format.
- allowReturnOutsideFunction: boolean, defaults to false. If true, do not error on return statements found outside functions.
- flow: "all" or "detect", defaults to "detect". If "detect", only parse syntax as Flow syntax where it is ambiguous whether it is a Flow feature or regular JavaScript when the @flow pragma is present in the file. Otherwise if "all", always parse ambiguous syntax as Flow syntax regardless of the presence of an @flow pragma. For example foo<T>(x) in a file without an @flow pragma will be parsed as two comparisons if set to "detect", otherwise if set to "all" or the @flow pragma is included it will be parsed as a call expression with a type argument.
- sourceFilename: string, defaults to null. The filename corresponding to the code that is to be parsed. If non-null, the filename will be added to all source locations in the output AST.
- sourceType: "module", "script", or "unambiguous" (default). If "unambiguous", source type will be automatically detected and set to "module" if any ES6 imports or exports are present in the code, otherwise source type will be set to "script".
- tokens: boolean, defaults to false. If true, add all tokens to a tokens property on the root node.
FAQs
We found that hermes-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.