Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The SPARQL 1.1 Query Language allows to query datasources of RDF triples.
SPARQL.js translates SPARQL into JSON and back,
so you can parse and build SPARQL queries in your JavaScript applications.
It also contains support for the SPARQL* extension
under the sparqlStar
option.
It fully supports the SPARQL 1.1 specification, including property paths, federation, and updates.
// Parse a SPARQL query to a JSON object
var SparqlParser = require('sparqljs').Parser;
var parser = new SparqlParser();
var parsedQuery = parser.parse(
'PREFIX foaf: <http://xmlns.com/foaf/0.1/> ' +
'SELECT * { ?mickey foaf:name "Mickey Mouse"@en; foaf:knows ?other. }');
// Regenerate a SPARQL query from a JSON object
var SparqlGenerator = require('sparqljs').Generator;
var generator = new SparqlGenerator({ /* prefixes, baseIRI, factory, sparqlStar */ });
parsedQuery.variables = ['?mickey'];
var generatedQuery = generator.stringify(parsedQuery);
Set sparqlStar
to true
to allow SPARQL* syntax.
Set pathOnly
to true
to parse SPARQL paths such as foaf:name/foaf:knows
rather than the full SPARQL Algebra.
By default SPARQL.js throws on queries that are syntactically correct, but not allowed by the spec.
Set skipValidation
to true
to skip validation.
// Parse a SPARQL query without validation.
var SparqlParser = require('sparqljs').Parser;
var parser = new SparqlParser({ skipValidation: true });
var parsedQuery = parser.parse(
'select (?x as ?xString)' +
'(count(?y) as ?count)' +
'{ ?x ?y ?z }');
$ sparql-to-json --strict query.sparql
Parse SPARQL* syntax by default.
For pure SPARQL 1.1, use the --strict
flag.
Queries are represented in a JSON structure. The most easy way to get acquainted with this structure is to try the examples in the queries
folder through sparql-to-json
. All examples of the SPARQL 1.1 specification have been included, in case you wonder how a specific syntactical construct is represented.
Here is a simple query in SPARQL:
PREFIX dbpedia-owl: <http://dbpedia.org/ontology/>
SELECT ?p ?c WHERE {
?p a dbpedia-owl:Artist.
?p dbpedia-owl:birthPlace ?c.
?c <http://xmlns.com/foaf/0.1/name> "York"@en.
}
And here is the same query in JSON:
{
"queryType": "SELECT",
"variables": [
{
"termType": "Variable",
"value": "p"
},
{
"termType": "Variable",
"value": "c"
}
],
"where": [
{
"type": "bgp",
"triples": [
{
"subject": {
"termType": "Variable",
"value": "p"
},
"predicate": {
"termType": "NamedNode",
"value": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
},
"object": {
"termType": "NamedNode",
"value": "http://dbpedia.org/ontology/Artist"
}
},
{
"subject": {
"termType": "Variable",
"value": "p"
},
"predicate": {
"termType": "NamedNode",
"value": "http://dbpedia.org/ontology/birthPlace"
},
"object": {
"termType": "Variable",
"value": "c"
}
},
{
"subject": {
"termType": "Variable",
"value": "c"
},
"predicate": {
"termType": "NamedNode",
"value": "http://xmlns.com/foaf/0.1/name"
},
"object": {
"termType": "Literal",
"value": "York",
"language": "en",
"datatype": {
"termType": "NamedNode",
"value": "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString"
}
}
}
]
}
],
"type": "query",
"prefixes": {
"dbpedia-owl": "http://dbpedia.org/ontology/"
}
}
The representation of triples uses the RDF/JS representation.
$ [sudo] npm [-g] install sparqljs
The SPARQL.js library is copyrighted by Ruben Verborgh and released under the MIT License.
Contributions are welcome, and bug reports or pull requests are always helpful.
FAQs
A parser for the SPARQL query language
We found that sparqljs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.