Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
intent-parser
Advanced tools
An intent parser designed for Project Abigail.
This intent parser uses pattern matching. The parsing operates in 3 different stages:
All of these stages are promises based to make it possible to handle asynchronous code, although at the moment all the code is synchronous.
In order to ease the writing of new patterns, a cleaning step takes place. It aims at reducing the complexity of sentences while preserving their meanings.
Consider the following phrases:
Hey, can you please let me know when am I free?
Can you please let me know when I'm free?
Please let me know when I'm free.
They all can be simplified to:
Let me know when I am free.
It becomes easier to write new patterns without worrying about supporting
things like contractions (I'm
and I am
). Only the full forms (I am
) are
retained and should be used in patterns.
The parsing and refining philosophy was inspired by Chrono.
The parsing attempts to identify semantical components of the phrase. Several passes are applied successively. Each of these passes have a single focus and try to extract things like temporal notions, people or actions.
During that phase the logic is kept to a minimum.
The refining phase attempts to make sense out of the elements extracted during the parsing.
If a person, a time and an action were extracted from a sentence, it is probably a request for creating a new reminder.
On the other hand, if only a person and a time were extracted and the input looks like a question then it is likely a query about someone's activity.
$ npm run build
$ npm test
FAQs
A basic intent parser designed for Project Abigail.
We found that intent-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.