Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The 'toml' npm package is a library for parsing and stringifying TOML (Tom's Obvious, Minimal Language) data. TOML is a configuration file format that is easy to read due to its simplicity and human-readable syntax. This package allows you to convert TOML data to JavaScript objects and vice versa.
Parsing TOML to JavaScript Object
This feature allows you to parse a TOML string into a JavaScript object. The example demonstrates parsing a TOML string containing an 'owner' table with 'name' and 'dob' fields.
const toml = require('toml');
const tomlString = `
[owner]
name = "Tom Preston-Werner"
dob = 1979-05-27T07:32:00Z
`;
const parsedData = toml.parse(tomlString);
console.log(parsedData);
Stringifying JavaScript Object to TOML
This feature allows you to convert a JavaScript object into a TOML string. The example demonstrates stringifying a JavaScript object with an 'owner' property into a TOML formatted string.
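// The toml module exports only parse(); it has no stringify().
// tomlify-j0.4 (described below) does the object-to-TOML conversion.
const tomlify = require('tomlify-j0.4');
const jsObject = {
  owner: {
    name: "Tom Preston-Werner",
    dob: new Date('1979-05-27T07:32:00Z')
  }
};
const tomlString = tomlify.toToml(jsObject, { space: 2 });
console.log(tomlString);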
The 'toml-js' package is another library for parsing and stringifying TOML data. It offers similar functionality to the 'toml' package but may have different performance characteristics and API design.
The 'tomlify-j0.4' package focuses on converting JavaScript objects to TOML strings. It is useful if you primarily need to generate TOML data from JavaScript objects.
The 'toml-node' package provides TOML parsing and stringifying capabilities. It is another alternative to the 'toml' package with its own implementation and features.
If you haven't heard of TOML, well you're just missing out. Go check it out now. Back? Good.
toml-node supports version 0.4.0 of the TOML spec as specified by mojombo/toml@v0.4.0
toml-node is available via npm.
npm install toml
toml-node also works with browser module bundlers like Browserify and webpack.
Say you have some awesome TOML in a variable called someTomlString. Maybe it came from the web; maybe it came from a file; wherever it came from, it came asynchronously! Let's turn that sucker into a JavaScript object.
var toml = require('toml');
var data = toml.parse(someTomlString);
console.dir(data);
toml.parse throws an exception in the case of a parsing error; such exceptions have a line and column property on them to help identify the offending text.
try {
  toml.parse(someCrazyKnuckleHeadedTrblToml);
} catch (e) {
  console.error("Parsing error on line " + e.line + ", column " + e.column +
    ": " + e.message);
}
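Because someTomlString may have come from the web, a wrapper can cap its size and log only the failing line instead of the whole document. This is an added example, not toml-node's own code: parseUntrustedToml, MAX_BYTES and the fakeParse stand-in are hypothetical names, and in real use the injected parse function would be toml.parse.

```javascript
// Added example (not toml-node code): wrap a TOML parse function for untrusted input.
// `parse` is injected; with toml-node it would be require('toml').parse.
const MAX_BYTES = 64 * 1024; // assumed size limit for a config file

function parseUntrustedToml(parse, text, maxBytes = MAX_BYTES) {
  if (typeof text !== 'string') {
    return { ok: false, error: 'input is not a string' };
  }
  if (Buffer.byteLength(text, 'utf8') > maxBytes) {
    return { ok: false, error: 'input exceeds ' + maxBytes + ' bytes' };
  }
  try {
    return { ok: true, data: parse(text) };
  } catch (e) {
    // Parse errors carry line and column (assumed 1-based); anything else is rethrown.
    if (!Number.isInteger(e.line) || !Number.isInteger(e.column)) throw e;
    const src = text.split(/\r?\n/)[e.line - 1] || '';
    const col = Math.max(1, e.column);
    // Keep at most 80 characters of the one offending line, with control
    // characters replaced, so logs never receive the whole file.
    const start = Math.max(0, col - 1 - 40);
    const excerpt = src.slice(start, start + 80).replace(/[\x00-\x1f\x7f]/g, '?');
    const caret = ' '.repeat(Math.min(col - 1 - start, excerpt.length)) + '^';
    return {
      ok: false,
      error: 'line ' + e.line + ', column ' + e.column + ': ' + e.message,
      excerpt: excerpt,
      caret: caret
    };
  }
}

// Constructed stand-in parser: rejects any non-empty line lacking '=' or '[',
// raising an error with line and column the way the page says toml.parse does.
function fakeParse(text) {
  text.split('\n').forEach(function (l, i) {
    if (l.trim() && !/[=\[]/.test(l)) {
      const err = new Error('Expected "=" but end of line found.');
      err.line = i + 1;
      err.column = l.length + 1;
      throw err;
    }
  });
  return {};
}

const result = parseUntrustedToml(fakeParse, 'name = "x"\nbroken line\n');
console.log(result.ok ? result.data : result.error + '\n' + result.excerpt + '\n' + result.caret);
```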
As of toml-node version 1.0, the streaming interface has been removed. Instead, use a module like concat-stream:
var toml = require('toml');
var concat = require('concat-stream');
var fs = require('fs');
fs.createReadStream('tomlFile.toml', 'utf8').pipe(concat(function(data) {
  var parsed = toml.parse(data);
}));
Thanks @ForbesLindesay for the suggestion.
You can use the toml-require package to require() your .toml files with Node.js.
You can experiment with TOML online at http://binarymuse.github.io/toml-node/, which uses the latest version of this library.
toml-node uses the PEG.js parser generator.
npm install
npm run build
npm test
Any changes to src/toml.peg require a regeneration of the parser with npm run build.
toml-node is tested on Travis CI and is tested against:
toml-node is licensed under the MIT license agreement. See the LICENSE file for more information.
FAQs
TOML parser for Node.js (parses TOML spec v0.4.0)
The npm package toml receives a total of 1,358,518 weekly downloads. As such, toml's popularity was classified as popular.
We found that toml demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.