Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
i18n-core is a no-fuzz Node.js implementation of i18n. It doesn't connect to express or any other fancy Node framework and is extensible where it needs to be and allows to reduce the complexity of other i18n implementations (thus the name).
It implements basic variable replacements in the mustache and sprintf manner.
To use i18n-core all you need to do is install it using npm
$ npm i i18n-core --save
To use i18n-core you need require it in your javascript file.
var i18n_core = require("i18n-core")
You can then initialize and use the library like this:
var i18n = i18n_core({a: "b"})
i18n.__("a") // b!
To have different namespaces for different language you can get a prefixed subpart using .lang()
.
var en = i18n_core({en: {d: "e"}}).lang("en")
en.__("d") // e!
Note: .lang(<lang>)
is the same thing as .sub(<lang> + ".")
The system is based on lookup
implementations that allow the system to use different sources to get its strings from. The examples before used an object and because of this the former example would be equal to:
var i18n = i18n_core(require("i18n-core/lookup/object")({a: "b"}))
If you were to pass in a string to i18n-core
instead like this:
var i18n = i18n_core("./")
Then it would be equal the primitive file-system lookup same like this:
var i18n = i18n_core(require("i18n-core/lookup/fs")("./"))
You can pass in your own strategy by given an object to the constructor that contains a "get"-method:
var i18n = i18n_core({
get: function (key) {
return null; // Who needs translation anyway?
}
})
i18n-core does implement basic placeholder replacements like:
en.__("%s is cool", "he"); // "he is cool"
following the logic of sprintf.
It also offers mustache pattern replacement like this:
en.__("{{name}} are cool too", {name: "you"}); // "you are cool too"
It is possible to chain translation prefixes like this:
var at = i18n_core({de:{at: {hello: "Zewas!"}}}).lang("de").lang("at");
at.__("hello") // Zewas!
and you can also change the chain if you want to.
var translate = i18n_core({
de: {title: "Meine Webseite"},
en: {title: "My Website"}
}).lang("de", true) // <- this true is important :)
translate.__("title") // Meine Website
translate.changeLang("en")
translate.__("title") // My Website
To prevent malicious use the changing of the language is prevented unless you pass a true
flag to it.
In some instances it is necessary to know in advance if a key has a value or not, in this case you can use has
.
var translate = i18n_core({title: "My Website"})
translate.has("title") // true
translate.has("subtitle") // false
Additionally, for module development, its possible to access the raw data using raw
:
var translate = i18n_core({no: {val: 5}})
translate.raw("no") // {val: 5}
If you have any questions, please post them as issue, thanks!
FAQs
Basic i18n translation.
We found that i18n-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.