parse-conflict-json
Parse a JSON string that has git merge conflicts, resolving if possible.
If the JSON is valid, it just does JSON.parse as normal.
If either side of the conflict is invalid JSON, then an error is thrown for that.
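const fs = require('fs')
const parseConflictJson = require('parse-conflict-json')
// placeholder arguments: an identity reviver and the default preference
const reviverFunction = (key, value) => value
const preference = 'ours'
// after a git merge that left some conflicts there
const data = fs.readFileSync('package-lock.json', 'utf8')
// reviverFunction is passed to JSON.parse as the reviver function
// preference defaults to 'ours', set to 'theirs' to prefer the other
// side's changes.
const parsed = parseConflictJson(data, reviverFunction, preference)
// returns true if the data looks like a conflicted diff file
// (isDiff is a property of the exported function, not of the parsed result)
parseConflictJson.isDiff(data)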
If prefer is set to theirs, then the values of theirs and ours are switched in the resolver function. (I.e., we'll apply their changes on top of our object, rather than the other way around.)
Parse the conflicted file into 3 pieces: ours, theirs, and parent.
Get the diff from parent to ours.
Apply each change of that diff to theirs. If any change in the diff set cannot be applied (i.e., because they changed an object into a non-object and we changed a field on that object), then replace the object at the specified path with the object at the path in ours.
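The three steps above, written out as an added example (this is not the package's own code). It assumes git's diff3 conflict style, where a parent section sits between the two sides; splitConflict, applyChanges, resolveConflict and the sample document are hypothetical names and constructed data.

```javascript
// Added example: not the package's code. Assumes git's diff3 conflict markers.
const MARKERS = [[/^<{7} /, 'ours'], [/^\|{7} /, 'parent'], [/^={7}$/, 'theirs'], [/^>{7} /, 'top']]

// Step 1: split into three full documents; lines outside a conflict go to all three.
function splitConflict (text) {
  const out = { ours: '', theirs: '', parent: '' }
  let state = 'top'
  for (const line of text.split(/\r?\n/)) {
    const marker = MARKERS.find(([re]) => re.test(line))
    if (marker) { state = marker[1]; continue }
    for (const side in out) if (state === 'top' || state === side) out[side] += line + '\n'
  }
  return out
}

const isObj = v => v !== null && typeof v === 'object' && !Array.isArray(v)
const same = (a, b) => JSON.stringify(a) === JSON.stringify(b)

// Steps 2 and 3: apply each parent -> ours change to target (arrays count as single values).
function applyChanges (parent, ours, target) {
  for (const key of new Set([...Object.keys(parent), ...Object.keys(ours)])) {
    if (key === '__proto__') continue // never let file content reach the prototype setter
    if (!Object.hasOwn(ours, key)) { delete target[key]; continue } // we deleted the key
    if (same(parent[key], ours[key])) continue // we did not touch it: keep target's value
    if (isObj(parent[key]) && isObj(ours[key]) && isObj(target[key])) {
      applyChanges(parent[key], ours[key], target[key]) // the change is deeper down
    } else {
      target[key] = ours[key] // also the fallback when target is no longer an object
    }
  }
  return target
}

// JSON.parse throws if any side is not valid JSON once the markers are removed.
function resolveConflict (text, prefer = 'ours') {
  const parts = splitConflict(text)
  const [parent, a, b] = ['parent', 'ours', 'theirs'].map(k => JSON.parse(parts[k]))
  const [ours, theirs] = prefer === 'theirs' ? [b, a] : [a, b]
  return applyChanges(parent, ours, theirs)
}

// Constructed sample: a small lockfile-like document with one conflict.
const SAMPLE = [
  '{ "name": "demo",',
  '<<<<<<< HEAD', '"version": "1.1.0", "dependencies": { "a": "1.0.0", "b": "2.0.0" }',
  '||||||| merged common ancestors', '"version": "1.0.0", "dependencies": { "a": "1.0.0" }',
  '=======', '"version": "1.0.1", "dependencies": { "a": "1.0.1" }',
  '>>>>>>> feature', '}'].join('\n')
console.log(resolveConflict(SAMPLE))
```

With the default preference the result keeps our version bump and our added dependency b while retaining their update to a, so the resolved lockfile is worth reviewing before it is committed.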
4.0.0 (2024-09-24)
parse-conflict-json now supports node ^18.17.0 || >=20.5.0
bbad0b5 #97 run template-oss-apply (@hashtagchris)
aaa60b6 #96 enable auto publish (#96) (@reggi)
ceb69ec #93 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])
5724d51 #80 bump @npmcli/template-oss to 4.22.0 (@lukekarrys)
46686e2 #94 postinstall for dependabot template-oss PR (@hashtagchris)
0694002 #94 bump @npmcli/template-oss from 4.23.1 to 4.23.3 (@dependabot[bot])
FAQs
The npm package parse-conflict-json receives a total of 2,029,071 weekly downloads. As such, parse-conflict-json popularity was classified as popular.
We found that parse-conflict-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.