
indicative-parser
Converts indicative rules and messages schema to a tree
Indicative parser pre-compiles the Indicative schema to a recursive tree of nodes. Each node is given one of the following types.
object: Node with one or more nested children.
array: Node with one or more index or wildcard based nested children.
literal: The leaf nodes.
Do note that the literal type is not equal to literal values in JavaScript. For the parser, literal nodes are nodes with no nested children.
If you look at the Indicative schema, it is very concise and developer friendly. However, the same schema needs to be parsed to execute the validation rules.
{
  username: 'required',
  'account.type': 'required|in:email,social'
}
One way is to loop over the schema object keys, split them by . and then execute the validations inline for each field. This process is very straightforward, but will have performance issues.
Instead, we parse the schema into a tree. The tree is later converted to an array of top level functions that are highly optimized for performance.
Install the package from the npm registry as follows:
npm i indicative-parser
# yarn
yarn add indicative-parser
and then use it as follows:
import { rulesParser } from 'indicative-parser'

rulesParser({
  username: 'required',
  'account.type': 'required|in:email,social'
})
The above code outputs the following tree.
{
  "username": {
    "type": "literal",
    "rules": [
      {
        "name": "required",
        "args": []
      }
    ]
  },
  "account": {
    "rules": [],
    "type": "object",
    "children": {
      "type": {
        "type": "literal",
        "rules": [
          {
            "name": "required",
            "args": []
          },
          {
            "name": "in",
            "args": [
              "email",
              "social"
            ]
          }
        ]
      }
    }
  }
}
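How a dotted-key schema becomes a tree of this shape, as an added JavaScript sketch that is not indicative-parser's own code: parseSchema and parseRules are hypothetical names, only object and literal nodes are handled (no array nodes), and the handling of a key that is both a leaf and a parent is an assumption. Path segments such as __proto__ are rejected, a precaution that applies to any code building nested objects from dotted keys.

```javascript
// Added sketch, not indicative-parser's source; function names are hypothetical.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype'])

// 'required|in:email,social' -> [{ name: 'required', args: [] }, { name: 'in', args: [...] }]
function parseRules (expression) {
  return expression.split('|').filter(Boolean).map((rule) => {
    const [name, ...rest] = rule.split(':')
    const argString = rest.join(':') // keep any ':' that is part of an argument
    return { name: name.trim(), args: argString ? argString.split(',') : [] }
  })
}

function parseSchema (schema) {
  const tree = Object.create(null) // no prototype chain to pollute
  for (const [field, expression] of Object.entries(schema)) {
    const segments = field.split('.')
    let level = tree
    segments.forEach((segment, i) => {
      if (segment === '' || FORBIDDEN.has(segment)) {
        throw new Error(`Unsafe or empty segment in field "${field}"`)
      }
      let node = level[segment]
      if (i === segments.length - 1) {
        // Last segment: a leaf, unless a nested key already made it an object (assumed behaviour).
        if (node) node.rules = parseRules(expression)
        else level[segment] = { type: 'literal', rules: parseRules(expression) }
        return
      }
      if (!node) {
        node = level[segment] = { rules: [], type: 'object', children: Object.create(null) }
      } else if (node.type === 'literal') {
        node.type = 'object' // a nested key appeared later: promote the leaf
        node.children = Object.create(null)
      }
      level = node.children
    })
  }
  return tree
}

// Constructed sample input: the schema shown on this page.
const tree = parseSchema({ username: 'required', 'account.type': 'required|in:email,social' })
console.log(JSON.stringify(tree, null, 2))
```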
FAQs
Schema parser for Indicative
We found that indicative-parser demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.