Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The regexpp npm package is a library for parsing and manipulating regular expressions in JavaScript. It provides a detailed regular expression parser with a visitor interface for traversing abstract syntax trees, and utilities for working with regular expressions.
Regular Expression Parser
This feature allows you to parse a regular expression literal into an abstract syntax tree (AST), which can then be traversed or manipulated.
const { parseRegExpLiteral } = require('regexpp');
const ast = parseRegExpLiteral('/abc/g');
RegExp Visitor
This feature provides a visitor interface to traverse the AST nodes of a parsed regular expression, allowing you to perform operations on individual nodes.
const { RegExpParser, visitRegExpAST } = require('regexpp');
const parser = new RegExpParser();
const ast = parser.parsePattern('a|b');
visitRegExpAST(ast, {
onCharacterEnter(node) {
console.log(node.value);
}
});
RegExp Validator
This feature allows you to validate a regular expression pattern for syntax errors, which is useful for ensuring patterns are correct before using them.
const { RegExpValidator } = require('regexpp');
const validator = new RegExpValidator();
try {
validator.validatePattern('(?<name>a)');
} catch (error) {
console.error(error.message);
}
The 'ret' package is a regular expression parser that tokenizes regex strings. It is similar to regexpp in that it provides a way to parse regular expressions, but it does not offer the same visitor interface for traversing the AST.
The 'regexp-tree' package provides a regular expression parser, transformer, and optimizer. It is similar to regexpp in parsing capabilities but also includes optimization features for regular expressions, which regexpp does not have.
A regular expression parser for ECMAScript.
$ npm install regexpp
import {
AST,
RegExpParser,
RegExpValidator,
RegExpVisitor,
parseRegExpLiteral,
validateRegExpLiteral,
visitRegExpAST
} from "regexpp"
Parse a given regular expression literal then make AST object.
This is equivalent to new RegExpParser(options).parseLiteral(source)
.
source
(string | RegExp
) The source code to parse.options?
(RegExpParser.Options
) The options to parse.Validate a given regular expression literal.
This is equivalent to new RegExpValidator(options).validateLiteral(source)
.
source
(string
) The source code to validate.options?
(RegExpValidator.Options
) The options to validate.Visit each node of a given AST.
This is equivalent to new RegExpVisitor(handlers).visit(ast)
.
ast
(AST.Node
) The AST to visit.handlers
(RegExpVisitor.Handlers
) The callbacks.options?
(RegExpParser.Options
) The options to parse.Parse a regular expression literal.
source
(string
) The source code to parse. E.g. "/abc/g"
.start?
(number
) The start index in the source code. Default is 0
.end?
(number
) The end index in the source code. Default is source.length
.Parse a regular expression pattern.
source
(string
) The source code to parse. E.g. "abc"
.start?
(number
) The start index in the source code. Default is 0
.end?
(number
) The end index in the source code. Default is source.length
.uFlag?
(boolean
) The flag to enable Unicode mode.Parse a regular expression flags.
source
(string
) The source code to parse. E.g. "gim"
.start?
(number
) The start index in the source code. Default is 0
.end?
(number
) The end index in the source code. Default is source.length
.options
(RegExpValidator.Options
) The options to validate.Validate a regular expression literal.
source
(string
) The source code to validate.start?
(number
) The start index in the source code. Default is 0
.end?
(number
) The end index in the source code. Default is source.length
.Validate a regular expression pattern.
source
(string
) The source code to validate.start?
(number
) The start index in the source code. Default is 0
.end?
(number
) The end index in the source code. Default is source.length
.uFlag?
(boolean
) The flag to enable Unicode mode.Validate a regular expression flags.
source
(string
) The source code to validate.start?
(number
) The start index in the source code. Default is 0
.end?
(number
) The end index in the source code. Default is source.length
.handlers
(RegExpVisitor.Handlers
) The callbacks.Validate a regular expression literal.
ast
(AST.Node
) The AST to visit.Welcome contributing!
Please use GitHub's Issues/PRs.
npm test
runs tests and measures coverage.npm run build
compiles TypeScript source code to index.js
, index.js.map
, and index.d.ts
.npm run clean
removes the temporary files which are created by npm test
and npm run build
.npm run lint
runs ESLint.npm run update:test
updates test fixtures.npm run update:ids
updates src/unicode/ids.ts
.npm run watch
runs tests with --watch
option.FAQs
Regular expression parser for ECMAScript.
The npm package regexpp receives a total of 11,987,623 weekly downloads. As such, regexpp popularity was classified as popular.
We found that regexpp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.