Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ng-annotate
Advanced tools
ng-annotate is not maintained any longer.
Please check out its successor instead: babel-plugin-angularjs-annotate
Please don't open any issues or pull requests on ng-annotate. No new releaseses will be made.
Feel free to fork the repo and publish your modified version if you want to. More info about the deprecation can be found in Issue #245: The future of ng-annotate.
ng-annotate adds and removes AngularJS dependency injection annotations.
Write your code without annotations and mark-up functions to be annotated
with the "ngInject"
directive prologue, just like you would
"use strict"
. This must be at the beginning of your function.
$ cat source.js
angular.module("MyMod").controller("MyCtrl", function($scope, $timeout) {
"ngInject";
...
});
Then run ng-annotate as a build-step to produce this intermediary, annotated, result (later sent to the minifier of choice):
$ ng-annotate -a source.js
angular.module("MyMod").controller("MyCtrl", ["$scope", "$timeout", function($scope, $timeout) {
"ngInject";
...
}]);
Your minifier will most likely retain the "ngInject"
prologues so use sed
or a regexp in your build toolchain to get rid of those on the ng-annotate output.
sed
example: ng-annotate -a source.js | sed "s/[\"']ngInject[\"'];*//g"
.
JavaScript regexp example: source.replace(/["']ngInject["'];*/g, "")
.
You can also use ng-annotate to rebuild or remove existing annotations. Rebuilding is useful if you like to check-in the annotated version of your source code. When refactoring, just change parameter names once and let ng-annotate rebuild the annotations. Removing is useful if you want to de-annotate an existing codebase that came with checked-in annotations
npm install -g ng-annotate
Then run it as ng-annotate OPTIONS <file>
. The errors (if any) will go to stderr,
the transpiled output to stdout.
The simplest usage is ng-annotate -a infile.js > outfile.js
.
See OPTIONS.md for command-line documentation.
ng-annotate can be used as a library, see OPTIONS.md for its API.
ng-annotate uses static analysis to detect common AngularJS code patterns. When
this works it means that you do not need to mark-up functions with "ngInject"
.
For a lot of code bases this works very well (use ng-strict-di
to simplify
debugging when it doesn't) but for others it is less reliable and you may prefer
to use "ngInject"
instead. For more information about implicit matching see
IMPLICIT.md.
The recommended function foo($scope) { "ngInject"; ... }
can be exchanged
for /*@ngInject*/ function foo($scope) { ... }
or
ngInject(function foo($scope) { ... })
. If you use the latter form then
then add function ngInject(v) { return v }
somewhere in your codebase or process
away the ngInject
function call in your build step.
The /*@ngInject*/
, ngInject(..)
and "ngInject"
siblings have three cousins that
are used for the opposite purpose, suppressing an annotation that ng-annotate added
incorrectly (a "false positive"). They are called /*@ngNoInject*/
, ngNoInject(..)
and "ngNoInject"
and do exactly what you think they do.
ng-annotate supports ES5 as input so run it with the output from Babel, Traceur,
TypeScript (tsc) and the likes. Use "ngInject"
on functions you want annotated.
Your transpiler should preserve directive prologues, if not please file a bug on it.
<div ng-app="myApp" ng-strict-di>
Do that in your ng-annotate processed (but not minified) builds and AngularJS will let you know if there are any missing dependency injection annotations. ng-strict-di is available in AngularJS 1.3 or later.
See CHANGES.md.
ng-annotate is written in ES6 constlet style and uses defs.js to transpile to ES5. See BUILD.md for build and test instructions.
Please provide issues in the form of input, expected output, actual output. Include the version of ng-annotate and node that you are using. With pull requests, please include changes to the tests as well (tests/original.js, tests/with_annotations.js).
MIT
, see LICENSE file.
ng-annotate is written by Olov Lassus with the kind help by contributors. Follow @olov on Twitter for updates about ng-annotate.
FAQs
add, remove and rebuild angularjs dependency injection annotations
We found that ng-annotate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.