token-scope
Advanced tools
A very fast approximation of lexical-scope. It takes the source code and returns a list of all identifiers that have the potential to be references to global variables. This just parses the token stream, so it is much less thorough than lexical-scope or using uglify-js to do the same thing. It has the advantage of being vastly faster though. It is good enough to detect that jQuery does not contain require or any of the node.js globals.
npm install token-scope
var detect = require('token-scope')
var inspectForRequire = detect(src)
if (inspectForRequire.indexOf('require') != -1) {
// do more time consuming checks to search for require properly
}
Tests:
var detect = require('token-scope')
describe('detect(src, identifiers)', function () {
it('returns an array of identifiers that might represent global variable references', function () {
assert(detect('var x = require("foo")').indexOf('require') != -1)
assert(detect('var x = foo("require")').indexOf('require') == -1)
})
})
To run the benchmarks, download this repository then do:
$ npm install
$ node bench/run.js
This runs 3 different scoping mechanisms on a minified copy of jQuery and report the total time for 10 iterations. They then also check that the result does not include any of the node.js globals. On my machine, this results in the output (note how token-scope results in a lot more potential globals, but still turns out to be good enough to rule out node.js globals):
| name | time | output |
|---|---|---|
| token-scope | 747ms | a,b,cy,f,cv,ck,… |
| ugly-scope | 1457ms | setTimeout,par… |
| lexical-scope | 2252ms | setTimeout,par… |
MIT
FAQs
A very fast approximation of lexical-scope
We found that token-scope demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.
Product
Scan results now load faster and remain consistent over time, with stable URLs and on-demand rescans for fresh security data.
Product
Socket's new Alert Details page is designed to surface more context, with a clearer layout, reachability dependency chains, and structured review.