Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
ngx-translate-messageformat-compiler
Advanced tools
> Compiler for ngx-translate that uses messageformat.js to compile translations using ICU syntax for handling pluralization and gender
Compiler for ngx-translate that uses messageformat.js to compile translations using ICU syntax for handling pluralization and gender
Example App (StackBlitz)
This assumes that you've already installed ngx-translate.
Using npm
:
npm install ngx-translate-messageformat-compiler @messageformat/core --save
... or if you use yarn
:
yarn add ngx-translate-messageformat-compiler @messageformat/core
Something to be aware of if you deploy to strict production environments: Fundamentally, messageformat is a compiler that turns ICU MessageFormat input into JavaScript, and we do this at runtime. This means calling new Function
under the hood, which requires allowing unsafe-eval
for the script-src
Content Security Policy (CSP).
In the current version, this library supports Angular versions 13+, ngx-translate versions 14+ and messageformat 3. Older versions of this library support older versions of these peer dependencies.
You need to configure TranslateModule
so it uses TranslateMessageFormatCompiler
as the compiler:
import { NgModule } from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';
import { TranslateCompiler, TranslateModule } from '@ngx-translate/core';
import { TranslateMessageFormatCompiler } from 'ngx-translate-messageformat-compiler';
import { AppComponent } from "./app";
@NgModule({
imports: [
BrowserModule,
TranslateModule.forRoot({
compiler: {
provide: TranslateCompiler,
useClass: TranslateMessageFormatCompiler
}
})
],
bootstrap: [AppComponent]
})
export class AppModule {}
You can override the values used when configuring MessageFormat by providing a configuration object for the MESSAGE_FORMAT_CONFIG
injection token. Here's the default:
{
biDiSupport: false,
formatters: {},
strictNumberSign: false,
currency: "USD",
strictPluralKeys: true,
throwOnError: false,
fallbackPrefix: undefined
}
MessageFormat instances provide some options to influence its behaviour, among them customFormatters
, biDiSupport
and strict
. Learn about their meaning here: https://messageformat.github.io/messageformat/api/core.messageformatoptions/ (The names used in the MESSAGE_FORMAT_CONFIG object are slightly different for backward-compatibility reasons.)
This is how you would enable bi-directional support and add a custom formatter, for example:
import { MESSAGE_FORMAT_CONFIG } from 'ngx-translate-messageformat-compiler';
@NgModule({
// ...
providers: [{
provide: MESSAGE_FORMAT_CONFIG,
useValue: {
biDiSupport: true,
formatters: { upcase: v => v.toUpperCase() }
}
}]
This library implements neither the syntax used for pluralization (et al) nor the "mechanics" for making translations work in your Angular app. The former is MessageFormat, the latter ngx-translate. Before you assume your problem is with ngx-translate-messageformat-compiler, please consult these ressources:
Here's two important differences to ngx-translate's default syntax when using MessageFormat:
'Hello {name.first} {name.last}'
won't work.Hello {name}
If you have to transition on a message-by-message basis, you can do so by configuring a prefix that, if found on the message, will cause the compiler to "ignore" the message. This has the effect of falling back on ngx-translate's default message interpolation.
import { MESSAGE_FORMAT_CONFIG } from 'ngx-translate-messageformat-compiler';
@NgModule({
// ...
providers: [{
provide: MESSAGE_FORMAT_CONFIG,
useValue: {
fallbackPrefix: 'your_choice::'
}
}]
{
"uses-messageformat-syntax": "{ COUNT, plural, =0 {There are no results.} one {There is one result.} other {There are # results.}",
"uses-default-syntax": "'your_choice::Hello {{name}}."
}
There are two stages in the translation process:
Hello {name}
) to a function: this fails if the MessageFormat syntax is incorrect, for example.Linda
as the name in the above message): this fails if the parameters don't "fit" the message.By default, the errors that get thrown in these two stages are caught and logged to the console, and the original message is returned as the translation. If you do not want this behaviour, pass throwOnError: true
in MESSAGE_FORMAT_CONFIG
(see above). (Note that this may make all translations fail if there's a syntax error in any message.)
This library also exports TranslateMessageFormatDebugCompiler
, which you can use as a drop-in replacement for the regular TranslateMessageFormatCompiler
.
The debug compiler will log to the console whenever a translation string is compiled to an interpolation function, and whenever such a function is called (with interpolation parameters) to compute the final translated string.
The logs may help you figuring out which translation produces an error and the timing of when the individual steps happen.
Here's an example to get you started:
{
"things": "There {count, plural, =0{is} one{is} other{are}} {count, plural, =0{} one{a} other{several}} {count, plural, =0{nothing} one{thing} other{things}}",
"people": "{gender, select, male{He is} female{She is} other{They are}} {how}"
}
<ul>
<li translate [translateParams]="{ count: 0 }">things</li>
<li translate [translateParams]="{ count: 1 }">things</li>
<li>{{'things' | translate:"{ count: 2 }"}}</li>
</ul>
<ul>
<li translate [translateParams]="{ gender: 'female', how: 'influential' }">people</li>
<li translate [translateParams]="{ gender: 'male', how: 'funny' }">people</li>
<li>{{'people' | translate:"{ how: 'affectionate' }"}}</li>
</ul>
Note that this illustrates using both the directives and the pipe provided by ngx-translate. You don't have to mix them, obviously.
- There is nothing
- There is a thing
- There are several things
- She is influential
- He is funny
- They are affectionate
If you're here, you probably know what you're looking for. If you do wonder what this is, here's a brief explanation.
ICU Message Format is a standardized syntax for dealing with the translation of user-visible strings into various languages that may have different requirements for the correct declension of words (e.g. according to number, gender, case) - or to simplify: pluralization.
Messageformat.js is a compliant implementation for Javascript.
Back in AngularJS, angular-translate, formerly by @PascalPrecht, provided support for ICU syntax using messageformat.js. This compiler "plugin" adds the same rich pluralization support to the excellent ngx-translate for Angular (2+). Thanks to @ocombe for his work and his supporting pluggable compilers in the core. Thanks also to @PascalPrecht for suggesting a contribution when I talked to him about this at Jazoon.
[7.0.0] - 2024-02-09
throwOnError: true
to
restore the previous behaviourfallbackPrefix
use ngx-translate default syntax (#30)FAQs
> Compiler for ngx-translate that uses messageformat.js to compile translations using ICU syntax for handling pluralization and gender
The npm package ngx-translate-messageformat-compiler receives a total of 22,036 weekly downloads. As such, ngx-translate-messageformat-compiler popularity was classified as popular.
We found that ngx-translate-messageformat-compiler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.