Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
stacktracey
Advanced tools
Stacktracey is an npm package that provides a powerful and flexible way to parse, manipulate, and analyze JavaScript stack traces. It helps developers to better understand and debug errors by offering a more readable and structured representation of stack traces.
Parsing Stack Traces
This feature allows you to parse a stack trace from an error object. The parsed stack trace is more readable and structured, making it easier to understand the flow of the error.
const Stacktracey = require('stacktracey');
const error = new Error('Something went wrong');
const stack = new Stacktracey(error);
console.log(stack);
Filtering Stack Frames
This feature allows you to filter stack frames based on certain criteria, such as file names or line numbers. This can be useful for focusing on relevant parts of the stack trace.
const Stacktracey = require('stacktracey');
const error = new Error('Something went wrong');
const stack = new Stacktracey(error);
const filteredStack = stack.withSources.filter(frame => frame.file.includes('myProject'));
console.log(filteredStack);
Converting Stack Traces to String
This feature allows you to convert a parsed stack trace back into a string format, but in a more readable table format. This can be useful for logging or displaying the stack trace in a user-friendly manner.
const Stacktracey = require('stacktracey');
const error = new Error('Something went wrong');
const stack = new Stacktracey(error);
console.log(stack.asTable());
Error-stack-parser is a library that extracts and parses error stack traces. It provides a simple API to parse stack traces into a more readable format. Compared to Stacktracey, it is more focused on just parsing and does not offer as many features for manipulating or filtering stack traces.
Stacktrace-parser is a simple library for parsing JavaScript stack traces. It provides a basic API to convert stack trace strings into structured objects. While it is similar to Stacktracey in terms of parsing capabilities, it lacks the advanced features for filtering and converting stack traces into different formats.
Tracey is a lightweight library for parsing and formatting stack traces. It offers basic functionality for parsing stack traces and converting them into a more readable format. Compared to Stacktracey, it is less feature-rich but can be a good choice for simpler use cases.
Platform-agnostic callstack access helper.
// @hide
marker)npm install stacktracey
StackTracey = require ('stacktracey')
Captures current call stack:
stack = new StackTracey () // captures current call stack
Parses stacks from Error
object:
stack = new StackTracey (error) // parses error.stack
stack = new StackTracey (error.stack) // raw string
It is an array instance:
stack instanceof Array // returns true
stack.length // num entries
stack[0] // top
Each item exposes:
{
beforeParse: <original text>,
callee: <function name>,
calleeShort: <shortened function name>,
file: <full path to file>, // e.g. /Users/john/my_project/src/foo.js
fileShort: <shortened path to file>, // e.g. src/foo.js
fileName: <file name>', // e.g. foo.js
line: <line number>, // starts from 1
column: <column number>, // starts from 1
index: /* true if occured in HTML file at index page */,
native: /* true if occured in native browser code */,
thirdParty: /* true if occured in library code */,
hide: /* true if marked as hidden by "// @hide" tag */
}
Accessing sources:
stack = stack.withSources // will return a copy of stack with all items supplied with sources
top = stack[0]
top = stack.withSource (0) // supplies source for an individiual item
top = StackTracey.withSource (stack[0]) // supplies source for an individiual item
This will return item supplied with source code info (already mapped through sourcemaps):
{
... // all previous fields
line: <original line number>,
column: <original column number>,
sourceFile: <original source file object>,
sourceLine: <original source line text>
}
To learn about sourceFile
object, read get-source docs.
stack = stack.clean
.mergeRepeatedLines
)isThirdParty
(library calls)// @hide
comment (user defined exclusion)Note that .map
, .filter
(and other Array
methods) will return Array
instances, not StackTracey
instances. You can convert arrays to StackTracey
instances via this:
cleanStack = new StackTracey (stack.filter (x => !x.isThirdParty))
For convenience, there's a slice
method that comes with that behavior built in:
shiftedStack = stack.slice (3)
You can compare two locations via this predicate (tests file
, line
and column
for equality):
StackTracey.locationsEqual (a, b)
FAQs
Parses call stacks. Reads sources. Clean & filtered output. Sourcemaps. Node & browsers.
The npm package stacktracey receives a total of 761,191 weekly downloads. As such, stacktracey popularity was classified as popular.
We found that stacktracey demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.