Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-syntax-tree
Advanced tools
node-syntax-tree
is a node package for executing Syntax Tree in a WASM environment. It functions by compiling the Ruby interpreter and Syntax Tree source files into a WASM package that is loaded and executed at runtime.
If you're using the npm
:
npm install --save node-syntax-tree
Or if you're using yarn
, then add the plugin by:
yarn add node-syntax-tree
node-syntax-tree
provides both CJS and ESM modules distributions. To require through CJS, run:
const { default: createSyntaxTree } = require("node-syntax-tree");
To require through ESM, run:
import createSyntaxTree from "node-syntax-tree";
Once you have the import, you can initial the virtual machine and run the associated functions, as in:
createSyntaxTree().then((syntaxTree) => {
console.log(syntaxTree.handlers.ruby.parse("foo"));
// => (program (statements ((vcall (ident "foo")))))
console.log(syntaxTree.handlers.ruby.format("1+1"));
// => 1 + 1
console.log(syntaxTree.handlers.haml.parse("= foo"));
// => (root children=[(script text=" foo")])
console.log(syntaxTree.handlers.haml.format("= foo"));
// => = foo
});
You can access all of the various Syntax Tree plugins except RBS.
TypeScript types are provided along with this package, and effectively boil down to:
type SyntaxTreeHandler = {
format(source: string): string;
parse(source: string): string;
read(filepath: string): string;
};
type SyntaxTree = {
handlers: Record<"bf" | "css" | "haml" | "json" | "ruby" | "xml", SyntaxTreeHandler>
};
function createSyntaxTree(): Promise<SyntaxTree>;
Bug reports and pull requests are welcome on GitHub at https://github.com/ruby-syntax-tree/node-syntax-tree.
The package is available as open source under the terms of the MIT License.
FAQs
A node package for accessing Syntax Tree through WASM
We found that node-syntax-tree demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.