syntax-error
The syntax-error npm package is used to check JavaScript code for syntax errors. It can be used as a module in Node.js to detect and report syntax errors in code strings.
Check for syntax errors in a string of code
This feature allows you to pass a string of JavaScript code and optionally a filename, and it will return an error object if there are syntax errors in the code. If there are no syntax errors, it returns undefined.
const syntaxError = require('syntax-error');
// Two-line source string; the second statement is missing its right-hand side.
const src = 'var foo = 1;\nvar bar = ;';
const err = syntaxError(src, 'foo.js');
if (err) console.error('Error:', err);
JSHint is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. It is more comprehensive than syntax-error as it checks for errors and potential problems in code style and logic, not just syntax errors.
ESLint is a pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. It is more advanced than syntax-error, offering customizable rules for coding standards and errors, including syntax errors, code smells, and stylistic issues.
Acorn is a tiny, fast JavaScript parser, written completely in JavaScript. While syntax-error uses Acorn internally to detect syntax errors, Acorn itself is a more powerful tool that can be used for parsing JavaScript code into an abstract syntax tree (AST), which can then be analyzed or manipulated for various purposes.
Detect and report syntax errors in source code strings.
When you type node src.js you get a friendly error report about exactly where the syntax error is. This module lets you check for syntax errors and report them in a similarly friendly format that wrapping a try/catch around Function() or vm.runInNewContext() doesn't get you.
var fs = require('fs');
var check = require('syntax-error');
var file = __dirname + '/src.js';
var src = fs.readFileSync(file);
var err = check(src, file);
if (err) {
    console.error('ERROR DETECTED' + Array(62).join('!'));
    console.error(err);
    console.error(Array(76).join('-'));
}
$ node check.js
ERROR DETECTED!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
/home/substack/projects/node-syntax-error/example/src.js:5
if (Array.isArray(x) res.push.apply(res, x);
^
ParseError: Unexpected identifier
---------------------------------------------------------------------------
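The introduction above compares this module with wrapping a try/catch around vm.runInNewContext(). As an added example (not taken from the syntax-error README or its source), the sketch below shows a second difference that matters when the source string is untrusted: vm.runInNewContext() executes any code that parses, while a compile-only check does not. compileCheck and tryByRunning are hypothetical helpers built on Node's built-in vm module, and the sample strings are constructed.

```javascript
const vm = require('vm');

// Constructed samples: valid code with a visible side effect, and broken code.
const VALID_WITH_SIDE_EFFECT = 'log.push("ran"); 1 + 1';
const BROKEN = 'var foo = 1;\nvar bar = ;';

// Hypothetical helper (not syntax-error's API): compile src without running it.
// Returns undefined if src parses, otherwise { message, line, annotated }.
function compileCheck(src, file) {
  try {
    new vm.Script(String(src), { filename: file || 'input.js' });
    return undefined;
  } catch (e) {
    if (e.name !== 'SyntaxError') throw e;
    // Node prefixes a compile error's stack with "<file>:<line>", the source
    // line and a caret; line is undefined if that header is absent.
    const annotated = String(e.stack).split('\n\n')[0];
    const m = /:(\d+)$/.exec(annotated.split('\n')[0]);
    return { message: e.message, line: m ? Number(m[1]) : undefined, annotated };
  }
}

// Hypothetical helper: the try/catch-around-vm.runInNewContext() approach.
// Reports whether the candidate code actually executed.
function tryByRunning(src) {
  const log = [];
  let error;
  try {
    vm.runInNewContext(String(src), { log });
  } catch (e) {
    error = e;
  }
  return { error, ran: log.length > 0 };
}

function demo() {
  return {
    compileOnlyValid: compileCheck(VALID_WITH_SIDE_EFFECT), // nothing executes
    runValid: tryByRunning(VALID_WITH_SIDE_EFFECT),         // code executes
    compileOnlyBroken: compileCheck(BROKEN, 'foo.js'),
    runBroken: tryByRunning(BROKEN),
  };
}

console.log(demo());
```

Node's documentation states that the vm module is not a security mechanism, so a check that only parses or compiles is the appropriate way to validate syntax in strings from untrusted sources.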
var check = require('syntax-error')
Check the source code string src for syntax errors. Optionally you can specify a filename file that will show up in the output.
If src has a syntax error, return an error object err that can be printed or stringified.
If there are no syntax errors in src, return undefined.
Options will be passed through to acorn-node. acorn-node defaults to options that match the most recent Node versions.
Return the long string description with a source snippet and a ^ under pointing exactly where the error was detected.
short string description of the error type
line number of the error in the original source (indexing starts at 1)
column number of the error in the original source (indexing starts at 1)
With npm do:
npm install syntax-error
MIT
FAQs
detect and report syntax errors in source code strings
We found that syntax-error demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 39 open source maintainers collaborating on the project.