stacktracey
Parses call stacks. Reads sources. Clean & filtered output. Sourcemaps. Node & browsers.
Stacktracey is an npm package that provides a powerful and flexible way to parse, manipulate, and analyze JavaScript stack traces. It helps developers to better understand and debug errors by offering a more readable and structured representation of stack traces.
Parsing Stack Traces
This feature allows you to parse a stack trace from an error object. The parsed stack trace is more readable and structured, making it easier to understand the flow of the error.
const Stacktracey = require('stacktracey');
const error = new Error('Something went wrong');
const stack = new Stacktracey(error);
console.log(stack);
Filtering Stack Frames
This feature allows you to filter stack frames based on certain criteria, such as file names or line numbers. This can be useful for focusing on relevant parts of the stack trace.
const Stacktracey = require('stacktracey');
const error = new Error('Something went wrong');
const stack = new Stacktracey(error);
const filteredStack = stack.withSources.filter(frame => frame.file.includes('myProject'));
console.log(filteredStack);
Converting Stack Traces to String
This feature allows you to convert a parsed stack trace back into a string format, but in a more readable table format. This can be useful for logging or displaying the stack trace in a user-friendly manner.
const Stacktracey = require('stacktracey');
const error = new Error('Something went wrong');
const stack = new Stacktracey(error);
console.log(stack.asTable());
Error-stack-parser is a library that extracts and parses error stack traces. It provides a simple API to parse stack traces into a more readable format. Compared to Stacktracey, it is more focused on just parsing and does not offer as many features for manipulating or filtering stack traces.
Stacktrace-parser is a simple library for parsing JavaScript stack traces. It provides a basic API to convert stack trace strings into structured objects. While it is similar to Stacktracey in terms of parsing capabilities, it lacks the advanced features for filtering and converting stack traces into different formats.
Tracey is a lightweight library for parsing and formatting stack traces. It offers basic functionality for parsing stack traces and converting them into a more readable format. Compared to Stacktracey, it is less feature-rich but can be a good choice for simpler use cases.
npm install stacktracey
StackTracey = require ('stacktracey')
Captures the current call stack:
stack = new StackTracey () // captures the current call stack
Parses stacks from an Error object:
stack = new StackTracey (error) // parses error.stack
stack = new StackTracey (error.stack) // raw string
It is an array instance:
stack instanceof Array // returns true
stack.length // num entries
stack[0] // top
...where each item exposes:
{
beforeParse: <original text>,
callee: <function name>,
calleeShort: <shortened function name>,
file: <full path to file>, // e.g. /Users/john/my_project/node_modules/foobar/main.js
fileRelative: <relative path to file>, // e.g. node_modules/foobar/main.js
fileShort: <short path to file>, // e.g. foobar/main.js
fileName: <file name>, // e.g. main.js
line: <line number>, // starts from 1
column: <column number>, // starts from 1
index: /* true if occurred in HTML file at index page */,
native: /* true if occurred in native browser code */,
thirdParty: /* true if occurred in library code */,
hide: /* true if marked as hidden by "// @hide" tag */,
syntaxError: /* true if generated from a SyntaxError instance */
}
Accessing sources:
stack = stack.withSources // will return a copy of stack with all items supplied with sources
top = stack[0] // top item
...or:
top = stack.withSource (0) // supplies source for an individual item
...or:
top = StackTracey.withSource (stack[0]) // supplies source for an individual item
It will return an item supplied with the source code info (already mapped through sourcemaps):
{
... // all the previously described fields
line: <original line number>,
column: <original column number>,
sourceFile: <original source file object>,
sourceLine: <original source line text>
}
To learn about the sourceFile object, read the get-source docs.
stack = stack.withSources.clean
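This excludes locations marked with the isThirdParty flag (library calls), excludes locations marked with a // @hide comment (user defined exclusion), and merges repeated lines (via .mergeRepeatedLines).
You can augment the global isThirdParty predicate with new rules: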
StackTracey.isThirdParty.include (path => path.includes ('my-lib')) // paths including 'my-lib' will be marked as thirdParty
StackTracey.isThirdParty.except (path => path.includes ('jquery')) // jquery paths won't be marked as thirdParty
P.S. It is better to call .clean on stacks supplied with sources (i.e. after .withSources), to make the // @hide magic work, and to make third-party recognition work by reading proper file names in case your source is compiled from other sources (and has a sourcemap attached).
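As an added illustration (not stacktracey's own code), the following applies the cleaning rules described above to plain frame objects that use the documented field names. The rule registry, the default node_modules rule, the merge behaviour and the sample frames are assumptions constructed for this example.

```javascript
// Added illustration, not stacktracey's source; frames use the documented field names.

// Hypothetical rule registry modelled on isThirdParty.include / .except.
function makeThirdPartyPredicate() {
  const include = [path => path.includes('node_modules')]; // assumed default rule
  const except = [];
  const test = path => include.some(r => r(path)) && !except.some(r => r(path));
  test.include = rule => { include.push(rule); };
  test.except = rule => { except.push(rule); };
  return test;
}

// Assumed merge behaviour: consecutive frames at the same file and line collapse.
function mergeRepeatedLines(frames) {
  const out = [];
  for (const f of frames) {
    const prev = out[out.length - 1];
    if (prev && prev.file === f.file && prev.line === f.line) {
      prev.callee = `${prev.callee} -> ${f.callee}`;
    } else {
      out.push({ ...f });
    }
  }
  return out;
}

// Drop third-party and hidden frames, then merge what is left.
function clean(frames, isThirdParty) {
  const kept = frames
    .map(f => ({ ...f, thirdParty: isThirdParty(f.file) }))
    .filter(f => !f.thirdParty && !f.hide);
  return mergeRepeatedLines(kept);
}

// Constructed sample stack (not real output).
const sampleFrames = [
  { callee: 'handler', file: '/srv/app/src/api.js', line: 12 },
  { callee: 'retry', file: '/srv/app/src/api.js', line: 12 },
  { callee: 'wrap', file: '/srv/app/src/util.js', line: 3, hide: true },
  { callee: 'ajax', file: '/srv/app/node_modules/jquery/dist/jquery.js', line: 900 },
  { callee: 'emit', file: '/srv/app/node_modules/foobar/main.js', line: 7 },
  { callee: 'helper', file: '/srv/app/my-lib/helper.js', line: 5 },
];

const isThirdParty = makeThirdPartyPredicate();
isThirdParty.include(path => path.includes('my-lib')); // my-lib counts as library code
isThirdParty.except(path => path.includes('jquery'));  // jquery frames stay visible
const cleaned = clean(sampleFrames, isThirdParty);
console.log(cleaned.map(f => `${f.callee} ${f.file}:${f.line}`));
```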
const prettyPrintedString = new StackTracey (error).pretty
It produces a nice compact table layout (thanks to as-table), supplied with source lines (if available):
at shouldBeVisibleInStackTrace  test.js:25                 const shouldBeVisibleInStackTrace = () => new StackTracey ()
at it                           test.js:100                const stack = shouldBeVisibleInStackTrace ()
at callFn                       mocha/lib/runnable.js:326  var result = fn.call(ctx);
at run                          mocha/lib/runnable.js:319  callFn(this.fn);
at runTest                      mocha/lib/runner.js:422    test.run(fn);
at                              mocha/lib/runner.js:528    self.runTest(function(err) {
at next                         mocha/lib/runner.js:342    return fn();
at                              mocha/lib/runner.js:352    next(suites.pop());
at next                         mocha/lib/runner.js:284    return fn();
at <anonymous>                  mocha/lib/runner.js:320    next(0);
You can even replace the default NodeJS exception printer with this! This is how you can do it:
process.on ('uncaughtException', e => { /* print the stack here */ })
process.on ('unhandledRejection', e => { /* print the stack here */ })
SyntaxError instances
For example, when trying to require a file named test_files/syntax_error.js:
// next line contains a syntax error (not a valid JavaScript)
foo->bar ()
...the pretty printed call stack for the error thrown would be something like:
at (syntax error)                 test_files/syntax_error.js:2  foo->bar ()
at it                             test.js:184                   try { require ('./test_files/syntax_error.js') }
at runCallback                    timers.js:781
at tryOnImmediate                 timers.js:743
at processImmediate [as _immediat timers.js:714
...where the first line is generated from parsing the raw output from the util.inspect call in Node. Unfortunately, this won't work in older versions of Node (v4 and below) as these versions can't provide any meaningful information for a SyntaxError instance.
All StackTracey instances expose map, filter, concat, reverse and slice methods. These methods will return mapped, filtered, joined, reversed and sliced stacks, respectively:
s = new StackTracey ().slice (1).filter (x => !x.thirdParty) // current stack shifted by 1 and cleaned from library calls
s instanceof StackTracey // true
s instanceof Array // true
Other Array methods are supported too, but they will return Array instances, not StackTracey instances. You can convert from array via this:
stack = new StackTracey (array)
...and to array via this (but generally this is not needed — you can pass around StackTracey instances as if they were real Arrays):
Array.from (stack)
You can compare two locations via this predicate (tests file, line and column for equality):
StackTracey.locationsEqual (a, b)
Resetting source cache (calls getSource.resetCache () from get-source):
StackTracey.resetCache ()
FAQs
The npm package stacktracey receives a total of 986,804 weekly downloads. As such, stacktracey popularity was classified as popular.
We found that stacktracey demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.