Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
PEG.js is a simple parser generator for JavaScript that produces fast parsers with excellent error reporting. It allows you to define a grammar in a simple syntax and then generates a parser for that grammar.
Grammar Definition
This feature allows you to define a grammar using PEG.js syntax. The example demonstrates a simple arithmetic expression parser that can handle addition and multiplication.
const peg = require('pegjs');
const grammar = `
start = expression
expression = term ('+' term)*
term = factor ('*' factor)*
factor = number / '(' expression ')'
number = [0-9]+ { return parseInt(text(), 10); }
`;
const parser = peg.generate(grammar);
const result = parser.parse('2*(3+4)');
console.log(result); // Outputs: 14
Custom Error Messages
PEG.js provides excellent error reporting. This example shows how PEG.js can generate custom error messages when the input does not conform to the defined grammar.
const peg = require('pegjs');
const grammar = `
start = expression
expression = term ('+' term)*
term = factor ('*' factor)*
factor = number / '(' expression ')'
number = [0-9]+ { return parseInt(text(), 10); }
`;
const parser = peg.generate(grammar, { output: 'source', format: 'commonjs' });
try {
parser.parse('2*(3+)');
} catch (e) {
console.log(e.message); // Outputs: Expected "(", number, or whitespace but ")" found.
}
Semantic Actions
Semantic actions allow you to specify what should happen when a rule matches. This example demonstrates how to add two numbers together when the '+' operator is encountered.
const peg = require('pegjs');
const grammar = `
start = expression
expression = left:term '+' right:term { return left + right; }
term = number
number = [0-9]+ { return parseInt(text(), 10); }
`;
const parser = peg.generate(grammar);
const result = parser.parse('3+4');
console.log(result); // Outputs: 7
Nearley is a powerful and flexible parser generator for JavaScript. It supports a wider range of grammars compared to PEG.js and can handle more complex parsing tasks. Nearley uses Earley parsing algorithm which is more powerful but can be slower than PEG.js for certain grammars.
ANTLR (Another Tool for Language Recognition) is a powerful parser generator that can be used to read, process, execute, or translate structured text or binary files. It is more feature-rich and supports multiple target languages, but it has a steeper learning curve compared to PEG.js.
Jison is a parser generator that converts a context-free grammar into a JavaScript parser. It is similar to PEG.js but uses a different parsing algorithm (LALR(1)). Jison is more suitable for traditional compiler construction tasks.
PEG.js is a simple parser generator for JavaScript that produces fast parsers with excellent error reporting. You can use it to process complex data or computer languages and build transformers, interpreters, compilers and other tools easily.
PEG.js is still very much work in progress. There are no compatibility guarantees until version 1.0
Released under the MIT License.
Copyright (c) 2010-2016 David Majda
Copyright (c) 2017+ Futago-za Ryuu
FAQs
Parser generator for JavaScript
The npm package pegjs receives a total of 286,369 weekly downloads. As such, pegjs popularity was classified as popular.
We found that pegjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.