Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
jsdoc-type-pratt-parser
Advanced tools
[![Npm Package](https://badgen.net/npm/v/jsdoc-type-pratt-parser)](https://www.npmjs.com/package/jsdoc-type-pratt-parser) [![Test Status](https://github.com/jsdoc-type-pratt-parser/jsdoc-type-pratt-parser/actions/workflows/test.yml/badge.svg?branch=main)]
This project is a parser for jsdoc types. It takes jsdoc type expressions like Array<string>
and creates an abstract
syntax tree (AST) out of it. It is heavily inspired by the existing libraries catharsis and jsdoctypeparser, but does
not use PEG.js, instead it is written as a pratt parser.
You can find some more information about pratt parsers here:
A simple live demo to test expressions can be found at: https://jsdoc-type-pratt-parser.github.io/jsdoc-type-pratt-parser/
npm install jsdoc-type-pratt-parser@alpha
import { parse } from 'jsdoc-type-pratt-parser'
const result = parse('SomeType<string>', 'typescript')
An API documentation can be found here. It is incomplete, but a good starting point. Please create issues or PRs if you don't find what you expect.
Three different modes (grammars) are supported: 'jsdoc'
, 'closure'
and 'typescript'
A common task to do on ASTs are transforms, for example a stringification. This library includes some transform and utilities to implement your own.
import { stringify } from 'jsdoc-type-pratt-parser'
const val = stringify({ type: 'JsdocTypeName', value: 'name'}) // -> 'name'
You can customize the stringification by using stringifyRules
and transform
:
import { stringifyRules, transform } from 'jsdoc-type-pratt-parser'
const rules = stringifyRules()
// `result` is the current node and `transform` is a function to transform child nodes.
rules.NAME = (result, transform) => 'something else'
const val = transform(rules, { type: 'JsdocTypeName', value: 'name'}) // -> 'something else'
You can also build your own transform rules by implementing the TransformRules<TransformResultType>
interface or you
can build upon the identity ruleset like this:
import { identityTransformRules, transform } from 'jsdoc-type-pratt-parser'
const myRules = identityTransformRules()
myRules.NAME = () => ({ type: 'JsdocTypeName', value: 'funky' })
const val = transform(myRules, result)
This library also supports compatibility modes for catharsis and jsdoctypeparser. The provided transform functions attempt to transform the output to the expected output of the target library. This will not always be the same as some types are parsed differently. These modes are thought to make transition easier, but it is advised to use the native output as this will be more uniform and will contain more information.
import { parse, catharsisTransform } from 'jsdoc-type-pratt-parser'
const result = catharsisTransform(parse('myType.<string>', 'closure'))
import { parse, jtpTransform } from 'jsdoc-type-pratt-parser'
const result = jtpTransform(parse('myType.<string>', 'closure'))
You can traverse an AST with the traverse
function:
import { traverse } from 'jsdoc-type-pratt-parser'
// property is the name of the property on parent that contains node
function onEnter(node, parent, property) {
console.log(node.type)
}
// an onEnter and/or an onLeave function can be supplied
traverse({ type: 'JsdocTypeName', value: 'name'}, onEnter, console.log)
This parser runs most tests of catharsis and
jsdoctypeparser. It compares the results of the different parsing libraries. If you
want to find out where the output differs, look in the tests for the comments // This seems to be an error of ...
or
the differ
keyword which indicates that differing results are produced.
A simple performance comparison using Benchmark.js produced the following results:
Testing expression: Name
catharsis x 37,816 ops/sec ±1.22% (1086 runs sampled)
jsdoc-type-pratt-parser x 602,617 ops/sec ±0.16% (1090 runs sampled)
jsdoctypeparser x 53,256 ops/sec ±0.73% (1081 runs sampled)
The fastest was jsdoc-type-pratt-parser
Testing expression: Array<number>
catharsis x 10,124 ops/sec ±0.56% (1084 runs sampled)
jsdoc-type-pratt-parser x 228,660 ops/sec ±0.40% (1084 runs sampled)
jsdoctypeparser x 42,365 ops/sec ±0.60% (1070 runs sampled)
The fastest was jsdoc-type-pratt-parser
Testing expression: { keyA: Type<A | "string val" >, keyB: function(string, B): A }
catharsis x 1,138 ops/sec ±0.66% (1087 runs sampled)
jsdoc-type-pratt-parser x 46,535 ops/sec ±0.47% (1090 runs sampled)
jsdoctypeparser x 18,291 ops/sec ±0.71% (1084 runs sampled)
The fastest was jsdoc-type-pratt-parser
The benchmark test uses catharsis without cache.
If you want to contribute see the Development Guide to get some pointers. Feel free to create issues if there is information missing.
FAQs
[![Npm Package](https://badgen.net/npm/v/jsdoc-type-pratt-parser)](https://www.npmjs.com/package/jsdoc-type-pratt-parser) [![Test Status](https://github.com/jsdoc-type-pratt-parser/jsdoc-type-pratt-parser/actions/workflows/test.yml/badge.svg?branch=main)]
The npm package jsdoc-type-pratt-parser receives a total of 3,690,813 weekly downloads. As such, jsdoc-type-pratt-parser popularity was classified as popular.
We found that jsdoc-type-pratt-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.