Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The stackback npm package is designed to provide an easy way to extract a stack trace from a given Error object. It parses the stack property of Error objects to return an array of call site objects, which can be used for debugging or logging purposes. This can be particularly useful in environments where understanding the sequence of function calls leading to an error is crucial for diagnosing issues.
Extracting stack traces from Error objects
This feature allows developers to pass an Error object to the stackback function, which returns an array of call site objects representing the stack trace. Each call site object provides detailed information about each stack frame, such as the file name, line number, and column number where the error occurred. This can be invaluable for debugging by providing a clear path of execution up to the point where the error was thrown.
const stackback = require('stackback');
const error = new Error('Test Error');
const stack = stackback(error);
console.log(stack);
Similar to stackback, error-stack-parser is a package that extracts stack traces from Error objects. It provides a slightly different API and may offer more detailed parsing in some cases. The choice between stackback and error-stack-parser might come down to personal preference or specific requirements regarding the format and details of the parsed stack trace.
The stack-trace package offers functionality to capture and analyze stack traces in Node.js applications. While it shares the core feature of extracting stack traces with stackback, stack-trace provides additional utilities for working with and manipulating stack traces, such as filtering or mapping over stack frames. This makes it a more feature-rich option, albeit potentially more complex to use for simple stack trace extraction tasks.
Returns an array of CallSite objects for a captured stacktrace. Useful if you want to access the frame for an error object.
var stackback = require('stackback');
// error generated from somewhere
var err = new Error('some sample error');
// stack is an array of CallSite objects
var stack = stackback(err);
From the V8 StackTrace API
The structured stack trace is an Array of CallSite objects, each of which represents a stack frame. A CallSite object defines the following methods
getThis: returns the value of this
getTypeName: returns the type of this as a string. This is the name of the function stored in the constructor field of this, if available, otherwise the object's [[Class]] internal property.
getFunction: returns the current function
getFunctionName: returns the name of the current function, typically its name property. If a name property is not available an attempt will be made to try to infer a name from the function's context.
getMethodName: returns the name of the property of this or one of its prototypes that holds the current function
getFileName: if this function was defined in a script returns the name of the script
getLineNumber: if this function was defined in a script returns the current line number
getColumnNumber: if this function was defined in a script returns the current column number
getEvalOrigin: if this function was created using a call to eval returns a CallSite object representing the location where eval was called
isToplevel: is this a toplevel invocation, that is, is this the global object?
isEval: does this call take place in code defined by a call to eval?
isNative: is this call in native V8 code?
isConstructor: is this a constructor call?
npm install stackback
FAQs
return list of CallSite objects from a captured stacktrace
The npm package stackback receives a total of 4,554,680 weekly downloads. As such, stackback popularity was classified as popular.
We found that stackback demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.