js-to-json-logic
Transform JavaScript expressions into JSONLogic objects. For Node.js.
NOTICE: This module is still in beta!
```
npm install --save js-to-json-logic
```

```js
const transformJS = require("js-to-json-logic");
transformJS('temp < 110 && pie.filling === "apple"');
```
The transformJS function returns a JavaScript object, which can be stringified as JSON and looks like this:
```json
{
  "and": [
    {
      "<": [
        {
          "var": "temp"
        },
        110
      ]
    },
    {
      "===": [
        {
          "var": "pie.filling"
        },
        "apple"
      ]
    }
  ]
}
```
This module uses @babel/parser to parse the input JavaScript code into an Abstract Syntax Tree (AST). The tree is then transformed into a JSONLogic object.
Said object can then be used with the json-logic-js module to apply the interpreted rules to any type of data.
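The rule object shown above is plain data, so it can be applied to input without executing the original expression as code. As an added example (not code from this package or from json-logic-js), the sketch below evaluates that rule with a small allow-listed interpreter; `applyRule`, `lookup` and `OPS` are hypothetical names, and only a subset of JSONLogic operators is implemented.

```javascript
// Rule object copied from the README output for:
//   temp < 110 && pie.filling === "apple"
const rule = {
  and: [
    { "<": [{ var: "temp" }, 110] },
    { "===": [{ var: "pie.filling" }, "apple"] },
  ],
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve a dotted path such as "pie.filling" through own properties only,
// so a rule cannot reach inherited members such as "constructor".
function lookup(data, path) {
  let cur = data;
  for (const key of String(path).split(".")) {
    if (cur === null || typeof cur !== "object" || !has(cur, key)) return null;
    cur = cur[key];
  }
  return cur;
}

// Allow-list of operators (a subset; results are coerced to booleans here,
// which is a simplification of JSONLogic's own truthiness rules).
const OPS = {
  var: (a, data) => lookup(data, a[0]),
  and: (a) => a.every(Boolean),
  or: (a) => a.some(Boolean),
  "!": (a) => !a[0],
  "<": (a) => a[0] < a[1],
  ">": (a) => a[0] > a[1],
  "===": (a) => a[0] === a[1],
  "!==": (a) => a[0] !== a[1],
};

// Walk the rule tree; literals pass through, unknown operators are rejected.
function applyRule(node, data) {
  if (Array.isArray(node)) return node.map((n) => applyRule(n, data));
  if (node === null || typeof node !== "object") return node;
  const keys = Object.keys(node);
  if (keys.length !== 1 || !has(OPS, keys[0])) {
    throw new Error(`unsupported rule node: ${JSON.stringify(keys)}`);
  }
  const raw = node[keys[0]];
  return OPS[keys[0]](applyRule(Array.isArray(raw) ? raw : [raw], data), data);
}

// Constructed sample data.
console.log(applyRule(rule, { temp: 100, pie: { filling: "apple" } })); // true
```

Rejecting any key outside `OPS` means a rule document from an untrusted source can only combine the listed comparisons and lookups.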
expression | support | examples |
---|---|---|
Boolean Literals | full | true , false |
String Literals | full | "banana" , "hello world" |
Template Literals | full | `hello, ${first_name}` |
Numeric Literals | full | 1 , 2.04 , -10292.64 , 0b01011010 , 0xFF00FF , etc. |
Object Expressions / Literals | full | ({ a: [1, false, 'string'], b: false, d: 'hello' }) |
Array Expressions | full | [1, 2, 3] |
Spread Operator in Arrays | full | [1, 2, ...myArr] |
Null Literals | full | null |
Identifiers (variables) | full | myVar , deep.property |
Comparison Expressions | full | a > b , a < b , a <= b , a === b , a !== b , etc. |
Arithmetic Operators | full | a + b , a * b , a - b , a / b , a % b |
Call Expressions | full | myFunction(a, b, c) |
Unary Expressions | full | !cond , !!cond , -var , +var |
Conditional (Ternary) Operator | full | condition ? a : b |
Regex Literal | limited | /[^@]+@[^\.]+\..+/gi |
If Statements | limited | if (condA) { a } else if (condB) { b } else { c } |
Call Expressions with Callback | limited | map(arr, x => x + 1) |
Arrow Functions | limited | x => x + 1 , (a, b) => a + b |
Notes:
Regex Literals: are not supported by the JSON spec. To account for this, they are converted into an array of strings. The first element of the array is the pattern, the second one contains the flags. Example: [ "\d\d\d\d", "gi" ]
If Statements: Multi-line consequentials (block statements in if statements) are not supported. Also, implicit return will always apply.
Call Expressions with Callback: Only arrow functions are allowed as callbacks in call expressions.
Arrow Functions: Arrow functions can only be single-line expressions or have a one-line block statement.
If a specific syntactic JS feature is not specified in the table above, it's likely that it isn't supported. If you have an idea on how to support said feature, feel free to file a GitHub Issue.
The following syntactic features are not supported by this module:
#myPrivateProperty
i++, i--, etc.
new operator

Something does not work as expected or perhaps you think this project needs a feature? Please open an issue using GitHub issue tracker.
Make sure that an issue pointing out your specific problem does not exist already. Please be as specific and straightforward as possible.
Pull Requests (PRs) are welcome! You should follow the same basic stylistic conventions as the original code.
Make sure that a pull request solving your specific problem does not exist already. Your changes must be concise and focus on solving a discrete problem.
Copyright (c) 2020 Kristian Muñiz
FAQs
Generate JSON Logic objects using JavaScript syntax.
The npm package js-to-json-logic receives a total of 610 weekly downloads. As such, js-to-json-logic popularity was classified as not popular.
We found that js-to-json-logic demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.