php-parser
Advanced tools
The php-parser npm package is a JavaScript library that allows you to parse PHP code into an Abstract Syntax Tree (AST). This can be useful for various tasks such as static analysis, code transformation, and code generation.
Parsing PHP Code
This feature allows you to parse PHP code into an Abstract Syntax Tree (AST). The code sample demonstrates how to parse a simple PHP script and output the resulting AST.
const parser = require('php-parser');
const phpParser = new parser({ parser: { extractDoc: true } });
const ast = phpParser.parseCode('<?php echo "Hello, World!"; ?>');
console.log(JSON.stringify(ast, null, 2));Traversing the AST
This feature allows you to traverse the AST to find specific nodes. The code sample demonstrates how to traverse the AST to find and log echo statements.
const parser = require('php-parser');
const phpParser = new parser({ parser: { extractDoc: true } });
const ast = phpParser.parseCode('<?php echo "Hello, World!"; ?>');
function traverse(node) {
if (node.kind === 'echo') {
console.log('Found an echo statement');
}
for (let key in node) {
if (node[key] && typeof node[key] === 'object') {
traverse(node[key]);
}
}
}
traverse(ast);Modifying the AST
This feature allows you to modify the AST. The code sample demonstrates how to change the output of an echo statement from 'Hello, World!' to 'Hello, Universe!'.
const parser = require('php-parser');
const phpParser = new parser({ parser: { extractDoc: true } });
let ast = phpParser.parseCode('<?php echo "Hello, World!"; ?>');
function modifyEcho(node) {
if (node.kind === 'echo') {
node.arguments[0].value = 'Hello, Universe!';
}
for (let key in node) {
if (node[key] && typeof node[key] === 'object') {
modifyEcho(node[key]);
}
}
}
modifyEcho(ast);
console.log(JSON.stringify(ast, null, 2));Esprima is a high-performance, standard-compliant ECMAScript parser written in JavaScript. It is used for parsing JavaScript code into an AST. While php-parser is used for PHP, Esprima serves a similar purpose for JavaScript.
Acorn is a small, fast, JavaScript-based JavaScript parser. It generates an AST from JavaScript code and is known for its performance and modularity. Like php-parser, it is used for parsing code into an AST, but it is specific to JavaScript.
This javascript library parses PHP code and convert it to AST.
This library is distributed with npm :
npm install php-parser --save
// initialize the php parser factory class
var engine = require('php-parser');
// initialize a new parser instance
var parser = new engine({
// some options :
parser: {
extractDoc: true
},
ast: {
withPositions: true
}
});
// Retrieve the AST from the specified source
var AST = parser.parseEval('echo "Hello World";');
// AST.kind === 'program';
// AST.children[0].kind === 'echo';
// Retrieve an array of tokens (same as php function token_get_all)
var tokens = parser.tokenGetAll('<?php echo "Hello World";');
{
'kind': 'program',
'children': [
{
'kind': 'echo',
'arguments': [
{
'kind': 'string',
'isDoubleQuote': true,
'value': 'Hello World'
}
]
}
]
}
Try it online (demo) : http://glayzzle.com/php-parser/#demo
The main API exposes a class with the following methods :
You can also pass options that change the behavior of the parser/lexer.
You can add here your own project by opening an issue request.
This library is released under BSD-3 license clause.
If you want to contribute please visit this repository https://github.com/glayzzle/php-parser-dev.
FAQs
Parse PHP code from JS and returns its AST
The npm package php-parser receives a total of 173,081 weekly downloads. As such, php-parser popularity was classified as popular.
We found that php-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.