Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
ldap-filters
Advanced tools
Build, generate, parse, and evaluate LDAP filters
A library for working with Lightweight Directory Access Protocol (LDAP) filters based on RFC 4515.
Although this format is typicaly used with the LDAP protocol, this library could be implemented in other applications that need portable string-based filters for the purpose of matching object data.
Use npm:
npm install ldap-filters
var Filter = require('ldap-filters');
var output = Filter.AND([
Filter.attribute('givenName').equalTo('jenny'),
Filter.attribute('sn').equalTo('jensen')
]);
console.log(output.toString());
Note: You must call the .toString()
method, to obtain the filter as a string.
Various methods can be used to build simple filters:
(attr=*)
(attr=value)
(attr=*value*)
(attr=*value)
(attr=value*)
(attr~=value)
(attr>=value)
(attr<=value)
Simple filters can be aggregated with AND, OR, and NOT:
(&(f1)(f2)..)
(|(f1)(f2)..)
(!(filter))
Aggregation and nesting can be used to build complex filters.
Parses a filter from a string, returning a Filter object.
var Filter = require('ldap-filters');
var input = '(&(givenName=jenny)(sn=jensen))';
Filter.parse(input);
Whether you've created a filter programatically or by parsing a filter, you
can output with toString()
method or by concatenating with a string, like so:
query.toString()
query + ''
This will result in compacted output with no whitespace like:
(&(givenName=jenny)(sn=jensen)(|(c=us)(st=ontario)))
If you pass a value of true
or a numeric value to toString()
, the
output will be beautified:
query.toString(true)
query.toString(2)
Will result in similar output to the following output:
(&
(givenName=jenny)
(sn=jensen)
(|
(c=us)
(st=ontario)
)
)
A value of true
will use Filter.indent
property, which defaults to 4.
Test if (object) data matches a given filter. The filter can be one
created programatically, or parsed from a text string. A boolean
true
value will be returned for a successful match.
var Filter = require('ldap-filters');
var input = '(&(givenName~=jeni)(sn=jensen))';
var parsed = Filter.parse(input);
var data = { givenName: 'Jenny', sn: 'Jensen' };
console.log(parsed.match(data));
A complete test suite is included. To run it, you will need to have mocha and chai installed. Mocha should be installed globally (need sudo?).
npm install -g mocha
npm install chai
There are three ways to run the tests:
# Run tests with npm
npm test
# Run tests with "make"
make test
# Run tests manually
mocha test/*.js
The parser is built with jison. To re-build the parser, you must have jison installed globally.
# Install jison globally (need sudo?)
npm install -g jison
# Build with "make"
make parser
# Build manually with jison
jison lib/parser.jison -o lib/parser.js
The jison parser source was originally written by tantaman found in the DATS-DAP repository.
FAQs
Library for generating, parsing, and evaluating LDAP filters
The npm package ldap-filters receives a total of 81 weekly downloads. As such, ldap-filters popularity was classified as not popular.
We found that ldap-filters demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.