Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.
The redeyed npm package provides functionality for syntax highlighting and code transformation by allowing modifications to JavaScript code through configuration of hooks for tokens and types. It enables parsing JavaScript code, identifying tokens and their types, and then applying transformations or highlighting based on the configuration provided.
Syntax Highlighting
This feature allows for syntax highlighting of JavaScript code. By configuring the `String` token, all string literals in the code can be highlighted. The example demonstrates how to highlight string literals in green using ANSI escape codes.
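```js
const redeyed = require('redeyed');

// redeyed wraps tokens via _before/_after, as documented further down this page
const config = {
  String: {
    // applies to every string literal: green on, then reset to the default foreground
    _default: { _before: '\x1b[32m', _after: '\x1b[39m' }
  }
};

const code = '"Hello, world!"';
const highlighted = redeyed(code, config).code;
console.log(highlighted);
```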
Code Transformation
This feature enables code transformation by applying custom transformations to specific JavaScript tokens. In the example, all instances of the `function` keyword are prefixed with `_function_`, demonstrating a simple transformation.
```js
const redeyed = require('redeyed');

const config = {
  Keyword: {
    // prefix only the `function` keyword; the omitted _after falls back to a default or ''
    'function': { _before: '_function_' }
  }
};

const code = 'function example() {}';
const transformed = redeyed(code, config).code;
console.log(transformed);
```
Esprima is a popular JavaScript parser that provides a detailed syntax tree of JavaScript code. While it doesn't directly offer syntax highlighting or transformation, it serves as a foundation for building such tools. Compared to redeyed, Esprima offers more in-depth analysis but requires more setup for syntax highlighting or code transformation.
jscodeshift is a toolkit for running codemods over multiple JavaScript or TypeScript files. It uses a different approach than redeyed by focusing on code transformations rather than syntax highlighting. jscodeshift offers a more comprehensive API for complex code modifications, making it more suitable for large-scale refactoring.
highlight.js is a syntax highlighter written in JavaScript. It supports a wide range of programming languages, including JavaScript. Unlike redeyed, which allows for dynamic modification of code through configuration, highlight.js focuses solely on syntax highlighting without the ability to transform code.
Add color to your JavaScript!
Takes JavaScript code, along with a config and returns the original code with tokens wrapped and/or replaced as configured.
One use case is adding metadata to your code that can then be used to apply syntax highlighting.
`undefined` of each token you want to configure with one of the following:

`'before:after'`
wraps the token inside before/after

`{ _before: 'before', _after: 'after' }`
wraps token inside before/after

For the {String} and {Object} configurations, 'before' or 'after' may be omitted:

- {String}:
  - `'before:'` (omitting 'after')
  - `':after'` (omitting 'before')
- {Object}:
  - `{ _before: 'before' }` (omitting '_after')
  - `{ _after: 'after' }` (omitting '_before')

In these cases the missing half is resolved as follows:

- `parent._default` (i.e., `Keyword._default`) if found
- `config._default` if found
- `''` (empty string)

`function (tokenString, info) { return {String}|{Object}; }`
```js
{
    // {Int}
    // the index of the token being processed inside tokens
    tokenIndex

    // {Array}
    // all tokens that are being processed including comments
    // (i.e. the result of merging esprima tokens and comments)
  , tokens

    // {Object}
    // the abstract syntax tree of the parsed code
  , ast

    // {String}
    // the code that was parsed (same string as the one passed to redeyed(code ..))
  , code
}
```
In most cases the tokenString is all you need. The extra info object is passed in case you need to gather more information about the token's surroundings in order to decide how to transform it.
See: replace-log-example
You can return a {String} or an {Object} from a {Function} config.
```js
{
    // {String}
    // the string that should be substituted for the value of the current and all skipped tokens
    replacement

    // {Object} (Token)
    // the token after which processing should continue
    // all tokens in between the current one and this one inclusive will be ignored
  , skipPastToken
}
```
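The fallback rule for an omitted 'before' or 'after' described above, worked through as an added example (not code from redeyed or from this page). The names `normalize`, `resolveHalf`, `wrapToken` and `sampleConfig` are hypothetical, only {String} and {Object} entries are covered, and the per-token lookup in `wrapToken` is an assumption of the sketch.

```javascript
// Added sketch of the documented fallback rule; this is not redeyed's source.

// Normalise a {String} ('before:after') or {Object} entry to { _before, _after }.
function normalize(entry) {
  if (entry === undefined || entry === null) return {};
  if (typeof entry === 'string') {
    const parts = entry.split(':');
    if (parts.length !== 2) throw new Error("expected 'before:after': " + entry);
    return { _before: parts[0] || undefined, _after: parts[1] || undefined };
  }
  return { _before: entry._before || undefined, _after: entry._after || undefined };
}

// Resolve one half: the entry itself, then parent._default, then config._default, then ''.
function resolveHalf(config, type, entry, key) {
  const candidates = [entry, (config[type] || {})._default, config._default];
  for (const candidate of candidates) {
    const half = normalize(candidate)[key];
    if (half) return half;
  }
  return '';
}

// Assumption of this sketch: a token with no entry of its own uses its type's
// _default, and a type with no configuration leaves the token unchanged.
function wrapToken(config, type, value) {
  const typeCfg = config[type];
  if (!typeCfg) return value;
  const own = Object.prototype.hasOwnProperty.call(typeCfg, value);
  const entry = own ? typeCfg[value] : typeCfg._default;
  if (entry === undefined) return value;
  return resolveHalf(config, type, entry, '_before') + value +
    resolveHalf(config, type, entry, '_after');
}

// Constructed sample config: each entry omits one half to exercise a fallback level.
const sampleConfig = {
  _default: { _after: '</any>' },
  Keyword: { _default: '<k>:</k>', 'function': { _before: '<fn>' }, 'var': ':</v>' },
  String: { _default: { _before: '<s>' } },
  Numeric: { _default: ':#' }
};

for (const [type, value] of [['Keyword', 'function'], ['Keyword', 'var'],
  ['String', '"x"'], ['Numeric', '3'], ['Identifier', 'a']]) {
  console.log(type, value, '->', wrapToken(sampleConfig, type, value));
}
```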
redeyed(code, config[, opts])
Invoke redeyed with your configuration, a code snippet and maybe opts as in the below example:
```js
var redeyed = require('redeyed')
  , config = require('./path/to/config')
  , code = 'var a = 3;'
  , result;

// redeyed will throw an error (caused by the esprima parser) if the code has invalid javascript
try {
  result = redeyed(code, config);
  console.log(result.code);
} catch(err) {
  console.error(err);
}
```
opts:
```js
{ // {Boolean}
  // if true `result.ast` property contains the abstract syntax tree of the code
  // if false (default) `result.ast` is not assigned and therefore `undefined`
  buildAst: true|false

  // {Boolean}
  // if `true`, jsx syntax is supported, default `false`
  // due to how esprima works, the AST is built when this option is `true`, even if
  // `buildAst` is `false`
, jsx: true|false

  // {Boolean}
  // if true `result.code` is not assigned and therefore `undefined`
  // if false (default) `result.code` property contains the result of `split.join`
, nojoin: true|false

  // {Object}
  // overrides default parser `esprima-fb` and needs to be compatible with it
, parser: require('esprima')
}
```
return value:

```js
{ ast
, tokens
, comments
, splits
, code
}
```

- ast {Array}: abstract syntax tree as returned by esprima parse
- tokens {Array}: tokens provided by esprima (excluding comments)
- comments {Array}: block and line comments as provided by esprima
- splits {Array}: code pieces split up, some of which were transformed as configured
- code {String}: transformed code, same as `splits.join('')` unless this step has been skipped (see opts)

Ensure to include esprima as one of your dependencies
```js
define(['redeyed'], function (redeyed) {
  [ .. ]
});
```

The redeyed {Function} will be exposed globally as window.redeyed - big surprise!

```html
<script type="text/javascript" src="https://unpkg.com/esprima"></script>
<script type="text/javascript" src="https://unpkg.com/redeyed"></script>
```

- `npm explore redeyed; npm demo` will let you try the browser example
- `npm explore redeyed; npm demo-log` will let you try the replace log example

FAQs
The npm package redeyed receives a total of 3,109,606 weekly downloads. As such, redeyed's popularity is classified as popular.
We found that redeyed has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.