Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
pseudo-localization
Advanced tools
Inspired by pseudo-localization at Netflix and Firefox
English | Pseudo Language |
---|---|
pseudo-localization
is a script that performs pseudolocalization against the DOM or individual strings.
Demo here. Changing text nodes and adding or removing trees of elements will trigger a pseudolocalization run on all the new text added to the DOM. Try it using the devtools.
npm install pseudo-localization
Copy paste the files in src
and use as you wish. It's not a lot of code.
pseudo-localization
can be used like so:
import pseudoLocalization from 'pseudo-localization';
// Or using CommonJS
// const pseudoLocalization = require('pseudo-localization').default;
pseudoLocalization.start();
// Later, if needed
pseudoLocalization.stop();
To use pseudo-localization
in React, Vue, Ember or anything else, hook the start
and stop
methods into your libraries
component lifecycles. In React for example:
import React from 'react';
import pseudoLocalization from 'pseudo-localization';
class PseudoLocalization extends React.Component {
componentDidMount() {
pseudoLocalization.start();
}
componentWillUnmount() {
pseudoLocalization.stop();
}
}
// And use it
class Page extends React.Component {
render() {
return (
<main>
<PseudoLocalization />
<h1>I will get pseudo localized along with everything else under document.body!</h1>
<main>
);
}
}
You can also call the underlying localize
function to pseudo-localize any string. This is useful for non-browser environments like nodejs.
import { localize } from 'pseudo-localization';
// Or using CommonJS
// const { localize } = require('pseudo-localization');
console.log(localize('hello')); // --> ħḗḗŀŀǿǿ
console.log(localize('hello', { strategy: 'bidi' })); // --> oʅʅǝɥ
A good use-case for localize
is testing that strings are actually being localized and not hard coded.
import { localize } from 'pseudo-localization';
import translate from './my-translation-lib';
// Pseudo localize every string returned from your normal translation function.
const _ = key => localize(translate(key, navigator.language));
_('Some Localized Text'); // Şǿǿḿḗḗ Ŀǿǿƈȧȧŀīẑḗḗḓ Ŧḗḗẋŧ
// Or, in React for example
const Header = () => <h1>{_('Localized Header Text')}</h1>;
Any strings that do not pass through the translation function will now stand out in the UI because the will not be pseudo-localized.
pseudo-localization
supports two strategies:
Usage: pseudoLocalization.start({ strategy: 'accented' });
or simply pseudoLocalization.start();
.
In Accented English all Latin letters are replaced by accented Unicode counterparts which don't impair the readability of the content. This allows developers to quickly test if any given string is being correctly displayed in its 'translated' form. Additionally, simple heuristics are used to make certain words longer to better simulate the experience of international users.
Usage: pseudoLocalization.start({ strategy: 'bidi' });
.
Bidi English is a fake RTL locale. All words are surrounded by Unicode formatting marks forcing the RTL directionality of characters. In addition, to make the reversed text easier to read, individual letters are flipped.
To catch localization problems like:
In addition, the pseudo-localization process may uncover places where an element should be localizable, but is hard coded in a source language.
pseudo-localization
exports three functions.
pseudoLocalization.start(options)
pseudoLocalization.stop()
pseudoLocalization.localize(string, options)
pseudoLocalization.start(options)
Pseudo localizes the page and watched the DOM for additions/updates to continuously pseudo localize new content.
Accepts an options
object as an argument. Here are the keys in the options
object.
strategy
- default ('accented'
)The pseudo localization strategy to use when transforming strings. Accepted values are accented
or bidi
.
blacklistedNodeNames
- default (['STYLE']
)An array of Node.nodeName strings that will be ignored when localizing. This is useful for skipping <style>
, <text>
svg nodes or other nodes that potentially doesn't make sense to apply pseudo localization to. <style>
is skipped by default when blacklistedNodeNames
is not provided.
pseudoLocalization.stop()
Stops watching the DOM for additions/updates to continuously pseudo localize new content.
pseudoLocalization.localize(string, options)
Accepts a string to apply pseudo localization to. Returns the pseudo localized version on the string.
This function is used by pseudoLocalization.start
internally.
Accepts an options
object as an argument. Here are the keys in the options
object.
strategy
- default ('accented'
)The pseudo localization strategy to use when transforming strings. Accepted values are accented
or bidi
.
Works in all evergreen browsers.
2.0.1
pseudo-localization
works with nodejs.FAQs
Dynamic pseudo-localization in the browser and nodejs
The npm package pseudo-localization receives a total of 19,372 weekly downloads. As such, pseudo-localization popularity was classified as popular.
We found that pseudo-localization demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.