node-inspect-extracted
This library provides an as-faithful-as-possible implementation of Node.js's util.inspect function.
It was built in such a way that it can be kept up-to-date with node's implementation, by taking the code directly from node's repo, and changing nothing but the require() statements. All of the node built-in functions are emulated. Many of the incompatibilities generated from that emulation are not interesting for Web use cases.
npm install node-inspect-extracted
This should work in node (for testing) and browsers, using either require, import, or as window.Inspect if you include this in your page as a script tag.
With require:
const util = require('node-inspect-extracted');
console.log(util.inspect(1));
With import:
import util from 'node-inspect-extracted';
console.log(util.inspect(2));
From the browser:
<script src="https://unpkg.com/node-inspect-extracted/dist/inspect.js"></script>
<script>
console.log(util.inspect(3));
</script>
The following util functions:
inspect(object[,showHidden|options[,depth [, colors]]])
format(format[, ...args])
formatWithOptions(inspectOptions, format[, ...args])
And these extras:
Proxy(target, handler): a wrapper for the normal Proxy class that allows the showProxy option of inspect to work.
stylizeWithColor(str, styleType): colorize str with ANSI escapes according to the styleType
stylizeWithHTML(str, styleType): colorize str with HTML span tags
If you specify {colors: true} in the inspect options, you will get ANSI escape codes, just as you would in Node. That's unlikely to be helpful to you on the Web, so you might want stylizeWithHTML, which is also exported from the package:
inspect({a:1}, {
  compact: false,
  stylize: stylizeWithHTML
});
which yields this ugly HTML:
{
a: <span style="color:yellow;">1</span>
}
If you want better HTML, the lightly-documented stylize option requires a function that takes two parameters: a string and a class name. The mapping from class names to colors is in inspect.styles, so start with this:
// Wrap a token in a colored span when inspect.styles has a color for its type.
function stylizeWithHTML(str, styleType) {
  const style = inspect.styles[styleType];
  if (style !== undefined) {
    return `<span style="color:${style};">${str}</span>`;
  }
  return str;
}
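The starting-point function above interpolates str into markup unescaped, and text that inspect emits without calling stylize (braces, error stacks) never passes through it at all, so inspecting untrusted values and assigning the result to innerHTML is an HTML-injection risk. The following is an added example, not code from this package: it tags tokens with sentinel characters, escapes the whole output, then turns the sentinels into spans. It assumes Node's built-in util.inspect as a stand-in for the package (same stylize hook); stylizeWithSentinels, inspectToSafeHtml and the inspect- class prefix are hypothetical names.

```javascript
// Added example: Node's built-in util.inspect stands in for
// node-inspect-extracted (assumption: identical `stylize` hook).
const { inspect } = require('util');

// Private-use code points used as temporary token markers.
const OPEN = '\uE000', MID = '\uE001', CLOSE = '\uE002';

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// stylize hook: mark each token instead of emitting markup, and replace any
// sentinel characters that arrive inside the token text itself.
function stylizeWithSentinels(str, styleType) {
  const clean = String(str).replace(/[\uE000-\uE002]/g, '\uFFFD');
  if (!/^[a-z]+$/.test(styleType)) return clean; // unknown type: no span
  return OPEN + styleType + MID + clean + CLOSE;
}

// Inspect a value and return HTML in which every character that came from
// inspect is escaped; the only tags are the spans generated here.
function inspectToSafeHtml(value, options = {}) {
  const raw = inspect(value, {
    ...options,
    colors: false, // colors: true would replace the stylize hook
    stylize: stylizeWithSentinels,
  });
  return escapeHtml(raw)
    .replace(/\uE000([a-z]+)\uE001/g, '<span class="inspect-$1">')
    .replace(/\uE002/g, '</span>');
}

// Constructed sample input: a string value carrying markup.
const SAMPLE = { a: '<img src=x onerror=alert(1)>' };
console.log(inspectToSafeHtml(SAMPLE));
```

Style the inspect-* classes from a stylesheet; where no coloring is needed, assigning plain inspect output to textContent avoids HTML parsing altogether.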
Proxy objects to have their internal object inspected, you may use the Proxy constructor exported by this project. That was done mostly for test coverage purposes, it is not recommended for production code.
arguments objects are not treated specially. [bug]
util.types) are weaker than the ones in Node, which has the freedom to use internal capabilities of the runtime. This means you can fake out the type detection to get output different than node. [bug]
Object.setPrototypeOf do not retain their original type information. [bug]
Promise state is not visible. All Promises will show up as Promise< pending > no matter what state they are in.
Map and Set iterators will not show their internal state because that cannot be done from unprivileged code without modifying the iterator. Entry iterators are not distinguished from value iterators. [bug]
WeakMap and WeakSet will not show their contents, because those contents cannot be iterated over in unprivileged code.
Check out NodeJS and this package next to one another:
git clone https://github.com/hildjj/node-inspect-extracted.git
git clone https://github.com/nodejs/node.git
cd node-inspect-extracted
npm install -g pnpm
pnpm install
npm start to build, run all tests and start an auto-refreshing web server to watch coverage change.
npm run check to see if there have been any changes to node that need to be integrated.
npm run check -- -d to see the diffs with node
npm run check -- -u to indicate that we have merged the current changes
Tests run mostly against the pre-webpack source at the moment, but there are some spot checks for the webpack output.
This project only supports versions of Node that the Node team is currently supporting. Ava's support statement is what we will be using as well. Currently, that means Node 10+ is required.
This code is an adaptation of the Node.js internal implementation, mostly from the file lib/internal/util/inspect.js, which does not have the Joyent copyright header. The maintainers of this package will not assert copyright over this code, but will assign ownership to the Node.js contributors, with the same license as specified in the Node.js codebase; the portion adapted here should all be plain MIT license.
FAQs
Node's util.inspect, extracted for use on the Web
The npm package node-inspect-extracted receives a total of 27,218 weekly downloads. As such, node-inspect-extracted popularity was classified as popular.
We found that node-inspect-extracted demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.