Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Unless you are an LDAP aficionado you may not know about the LDIF format. I was surprised to learn that no LDIF parsing library existed for node. So I wrote one, with peg.js.
Now I'll never have to use that cursed perl script again!
Install easily with npm!
npm install ldif
var ldif = require('ldif'),
file = './rfc/example1.ldif',
input = require('fs').readFileSync(file,'utf8');
console.log(ldif.parse(input));
After reading the file, it's parsed as a string.
There's also a shorthand to read in a file (synchronously, as above):
var ldif = require('ldif');
console.log(ldif.parseFile('./rfc/example1.ldif'));
Parsing an LDIF file returns an object format for an entire LDIF file.
In this case, example1.ldif specifies contents of two LDAP records.
var ldif = require('ldif');
file = ldif.parseFile('./rfc/example1.ldif');
var record = file.shift();
Records are stored in an internal format, using classic
Javascript objects. The type or value specified in a type
property for all objects, but they can also be tested for
specific constructor types:
var ldif = require('ldif');
file = ldif.parseFile('./rfc/example1.ldif');
(file instanceof ldif.Container) === true
(file.shift() instanceof ldif.Record) === true
var ldif = require('ldif');
file = ldif.parseFile('./rfc/example1.ldif'),
output_options = {};
var record = file.shift();
console.log(record.toObject(output_options));
Output of the above code is this:
{ dn: 'cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com',
attributes:
{ objectclass: [ 'top', 'person', 'organizationalPerson' ],
cn: [ 'Barbara Jensen', 'Barbara J Jensen', 'Babs Jensen' ],
sn: 'Jensen',
uid: 'bjensen',
telephonenumber: '+1 408 555 1212',
description: 'A big sailing fan.' } }
Notice the default behavior outputs attribute key/value pairs that have values of either an array or single string. Since an attribute can be single- or multi-valued, this format makes sense in most cases.
The behavior of toObject()
can be altered with options below.
Option | Type | Description | Deafult |
---|---|---|---|
flatten | boolean | Flatten single values into strings | true |
single | boolean | Overrides flatten, only returns single values | false |
decode | boolean | Decode values (not yet well-defined, leave true) | true |
preserveOptions | boolean | Outputs any attribute options | true |
preferOptions | array | Prefer these options when preserveOptions is false | [ ] |
All parsed data can be written back to LDIF format using a
toLDIF()
method (on files or entries).
var ldif = require('ldif');
file = ldif.parseFile('./rfc/example1.ldif');
// the whole file
console.log(file.toLDIF());
// or just a single record
console.log(file.shift().toLDIF());
Note: toLDIF()
method folds lines by default at 78 characters.
If you want to change this value call toLDIF(width)
where width
is an integer.
To run the test suite, use npm test
(you'll need the dev dependencies
of mocha and chai installed).
To modify the parser, edit lib/ldif.pegjs
and run npm run make
(this requires the pegjs dev dependency to be installed).
FAQs
LDIF (LDAP Directory Interchange Format) tools for Node
The npm package ldif receives a total of 268 weekly downloads. As such, ldif popularity was classified as not popular.
We found that ldif demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.