Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
metro-hermes-compiler
Advanced tools
The metro-hermes-compiler package is a tool used to compile JavaScript code into bytecode that can be executed by the Hermes JavaScript engine. Hermes is an open-source JavaScript engine optimized for running React Native applications on Android. The metro-hermes-compiler is typically used in the build process of React Native applications to improve performance by precompiling JavaScript code.
Compile JavaScript to Hermes Bytecode
This feature allows you to compile JavaScript source code into Hermes bytecode. The compiled bytecode can then be executed by the Hermes engine, which can improve the performance of React Native applications.
const { compile } = require('metro-hermes-compiler');
const fs = require('fs');
const sourceCode = fs.readFileSync('input.js', 'utf8');
const bytecode = compile(sourceCode);
fs.writeFileSync('output.hbc', bytecode);
Source Map Generation
This feature allows you to generate source maps while compiling JavaScript to Hermes bytecode. Source maps are useful for debugging, as they map the compiled bytecode back to the original source code.
const { compile } = require('metro-hermes-compiler');
const fs = require('fs');
const sourceCode = fs.readFileSync('input.js', 'utf8');
const { bytecode, sourceMap } = compile(sourceCode, { sourceMap: true });
fs.writeFileSync('output.hbc', bytecode);
fs.writeFileSync('output.map', JSON.stringify(sourceMap));
Babel is a widely-used JavaScript compiler that allows you to use next-generation JavaScript, today. It can transform JavaScript code into a backwards-compatible version, making it suitable for older environments. Unlike metro-hermes-compiler, Babel does not compile to bytecode but to JavaScript that can run in any JavaScript engine.
UglifyJS is a JavaScript parser, minifier, compressor, and beautifier toolkit. It is used to minify JavaScript code to reduce its size and improve load times. While it does not compile to bytecode like metro-hermes-compiler, it is often used in the build process to optimize JavaScript code.
Terser is a JavaScript parser and mangler/compressor toolkit for ES6+. It is a fork of UglifyJS and is used to minify JavaScript code. Similar to UglifyJS, it does not compile to bytecode but is used to optimize JavaScript code for better performance.
This experimental module provides a high-level API to work with the Hermes bytecode compiler (HBC). HBC is integrated as a WASM binary generated by the emscripten toolchain and checked in as part of this package.
A pre-configured emscripten environment can be used through this Docker image. Docker can be installed via its desktop app. Make sure to increase resource limits (16G RAM, as much CPU as possible).
cd path/to/hermes/checkout
docker run -i -t --rm -v `pwd`:`pwd` trzeci/emscripten bash
apt-get update -y && apt-get install -y icu-devtools
cd path/to/hermes/checkout
cmake . -DCMAKE_TOOLCHAIN_FILE=/emsdk_portable/emscripten/sdk/cmake/Modules/Platform/Emscripten.cmake -DCMAKE_BUILD_TYPE=Release
make -j emhermesc
After the build process finishes the Hermes Bytecode Compiler JavaScript file will be available in the bin
folder.
FAQs
🚇 Hermes bytecode compiler for Metro.
The npm package metro-hermes-compiler receives a total of 253,299 weekly downloads. As such, metro-hermes-compiler popularity was classified as popular.
We found that metro-hermes-compiler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.