Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
unist-util-select
Advanced tools
The unist-util-select package is a utility for selecting nodes in a Unist syntax tree using CSS-like selectors. It allows for querying and manipulating nodes in a tree structure, making it easier to work with abstract syntax trees (ASTs) in JavaScript.
Select a single node
This feature allows you to select a single node from the tree that matches the given selector. In this example, it selects the first 'paragraph' node in the tree.
const select = require('unist-util-select').select;
const tree = { type: 'root', children: [{ type: 'paragraph', children: [{ type: 'text', value: 'Hello, world!' }] }] };
const node = select('paragraph', tree);
console.log(node);
Select multiple nodes
This feature allows you to select all nodes from the tree that match the given selector. In this example, it selects all 'paragraph' nodes in the tree.
const selectAll = require('unist-util-select').selectAll;
const tree = { type: 'root', children: [{ type: 'paragraph', children: [{ type: 'text', value: 'Hello, world!' }] }, { type: 'paragraph', children: [{ type: 'text', value: 'Another paragraph.' }] }] };
const nodes = selectAll('paragraph', tree);
console.log(nodes);
Select nodes with specific attributes
This feature allows you to select nodes that have specific attributes. In this example, it selects all nodes with a 'data-id' attribute equal to 'intro'.
const selectAll = require('unist-util-select').selectAll;
const tree = { type: 'root', children: [{ type: 'paragraph', data: { id: 'intro' }, children: [{ type: 'text', value: 'Introduction' }] }, { type: 'paragraph', data: { id: 'main' }, children: [{ type: 'text', value: 'Main content' }] }] };
const nodes = selectAll('[data-id="intro"]', tree);
console.log(nodes);
unist-util-visit is a utility for recursively visiting nodes in a Unist syntax tree. It allows for more complex traversal and manipulation of nodes compared to unist-util-select, but does not use CSS-like selectors.
hast-util-select is similar to unist-util-select but is specifically designed for working with HAST (Hypertext Abstract Syntax Tree) nodes. It provides CSS-like selectors for querying HAST nodes.
unist-builder is a utility for creating Unist syntax trees. While it does not provide querying capabilities like unist-util-select, it is useful for constructing trees programmatically.
Select unist nodes using css-like selectors.
example.md
:
Get all TODO items from this list:
1. Step 1.
2. TODO Step 2.
3. Step 3.
1. TODO Step 3.1.
2. Step 3.2.
3. TODO Step 3.3.
mdast
takes this Markdown as an input and returns unist syntax tree. After that, we use unist-util-select
to extract the required parts:
var select = require('unist-util-select');
var markdown = fs.readFileSync('example.md', 'utf8');
var ast = mdast.parse(markdown);
select(ast, 'list text[value*=TODO]')
//=> [ { type: 'text', value: 'TODO Step 2.' },
// { type: 'text', value: 'TODO Step 3.1.' },
// { type: 'text', value: 'TODO Step 3.3.' } ]
That's it!
paragraph
paragraph text
paragraph > text
paragraph ~ text
paragraph + text
paragraph, text
*
text[value*="substr"]
[value]
[value="foo"]
[value^="prefix"]
[value*="substr"]
[value$="suffix"]
select(ast, selector)
Applies selector
to ast
, returns array of matching nodes.
npm install unist-util-select
MIT
FAQs
unist utility to select nodes with CSS-like selectors
The npm package unist-util-select receives a total of 135,432 weekly downloads. As such, unist-util-select popularity was classified as popular.
We found that unist-util-select demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.