Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
unist-util-select
Advanced tools
The unist-util-select package is a utility for selecting nodes in a Unist syntax tree using CSS-like selectors. It allows for querying and manipulating nodes in a tree structure, making it easier to work with abstract syntax trees (ASTs) in JavaScript.
Select a single node
This feature allows you to select a single node from the tree that matches the given selector. In this example, it selects the first 'paragraph' node in the tree.
const select = require('unist-util-select').select;
const tree = { type: 'root', children: [{ type: 'paragraph', children: [{ type: 'text', value: 'Hello, world!' }] }] };
const node = select('paragraph', tree);
console.log(node);
Select multiple nodes
This feature allows you to select all nodes from the tree that match the given selector. In this example, it selects all 'paragraph' nodes in the tree.
const selectAll = require('unist-util-select').selectAll;
const tree = { type: 'root', children: [{ type: 'paragraph', children: [{ type: 'text', value: 'Hello, world!' }] }, { type: 'paragraph', children: [{ type: 'text', value: 'Another paragraph.' }] }] };
const nodes = selectAll('paragraph', tree);
console.log(nodes);
Select nodes with specific attributes
This feature allows you to select nodes that have specific attributes. In this example, it selects all nodes with a 'data-id' attribute equal to 'intro'.
const selectAll = require('unist-util-select').selectAll;
const tree = { type: 'root', children: [{ type: 'paragraph', data: { id: 'intro' }, children: [{ type: 'text', value: 'Introduction' }] }, { type: 'paragraph', data: { id: 'main' }, children: [{ type: 'text', value: 'Main content' }] }] };
const nodes = selectAll('[data-id="intro"]', tree);
console.log(nodes);
unist-util-visit is a utility for recursively visiting nodes in a Unist syntax tree. It allows for more complex traversal and manipulation of nodes compared to unist-util-select, but does not use CSS-like selectors.
hast-util-select is similar to unist-util-select but is specifically designed for working with HAST (Hypertext Abstract Syntax Tree) nodes. It provides CSS-like selectors for querying HAST nodes.
unist-builder is a utility for creating Unist syntax trees. While it does not provide querying capabilities like unist-util-select, it is useful for constructing trees programmatically.
unist utility with equivalents for querySelector
, querySelectorAll
,
and matches
.
This package lets you find nodes in a tree, similar to how querySelector
,
querySelectorAll
, and matches
work with the DOM.
One notable difference between DOM and hast is that DOM nodes have references
to their parents, meaning that document.body.matches(':last-child')
can
be evaluated to check whether the body is the last child of its parent.
This information is not stored in hast, so selectors like that don’t work.
This utility works on any unist syntax tree and you can select all node types.
If you are working with hast, and only want to select elements, use
hast-util-select
instead.
This is a small utility that is quite useful, but is rather slow if you use it a
lot.
For each call, it has to walk the entire tree.
In some cases, walking the tree once with unist-util-visit
is smarter, such as when you want to change certain nodes.
On the other hand, this is quite powerful and fast enough for many other cases.
This package is ESM only. In Node.js (version 14.14+, 16.0+), install with npm:
npm install unist-util-select
In Deno with esm.sh
:
import {matches, select, selectAll} from "https://esm.sh/unist-util-select@4"
In browsers with esm.sh
:
<script type="module">
import {matches, select, selectAll} from "https://esm.sh/unist-util-select@4?bundle"
</script>
import {u} from 'unist-builder'
import {matches, select, selectAll} from 'unist-util-select'
const tree = u('blockquote', [
u('paragraph', [u('text', 'Alpha')]),
u('paragraph', [u('text', 'Bravo')]),
u('code', 'Charlie'),
u('paragraph', [u('text', 'Delta')]),
u('paragraph', [u('text', 'Echo')]),
u('paragraph', [u('text', 'Foxtrot')]),
u('paragraph', [u('text', 'Golf')])
])
matches('blockquote, list', tree) // => true
console.log(select('code ~ :nth-child(even)', tree))
// The paragraph with `Delta`
console.log(selectAll('code ~ :nth-child(even)', tree))
// The paragraphs with `Delta` and `Foxtrot`
This package exports the identifiers matches
, select
, and selectAll
.
There is no default export.
matches(selector, node)
Check that the given node
matches selector
.
This only checks the node itself, not the surrounding tree.
Thus, nesting in selectors is not supported (paragraph strong
,
paragraph > strong
), neither are selectors like :first-child
, etc.
This only checks that the given node matches the selector.
selector
(string
)
— CSS selector, such as (heading
, link, linkReference
).node
(Node
, optional)
— node that might match selector
Whether node
matches selector
(boolean
).
import {u} from 'unist-builder'
import {matches} from 'unist-util-select'
matches('strong, em', u('strong', [u('text', 'important')])) // => true
matches('[lang]', u('code', {lang: 'js'}, 'console.log(1)')) // => true
select(selector, tree)
Select the first node that matches selector
in the given tree
.
Searches the tree in preorder.
selector
(string
)
— CSS selector, such as (heading
, link, linkReference
).tree
(Node
, optional)
— tree to searchFirst node in tree
that matches selector
or null
if nothing is found.
This could be tree
itself.
import {u} from 'unist-builder'
import {select} from 'unist-util-select'
console.log(
select(
'code ~ :nth-child(even)',
u('blockquote', [
u('paragraph', [u('text', 'Alpha')]),
u('paragraph', [u('text', 'Bravo')]),
u('code', 'Charlie'),
u('paragraph', [u('text', 'Delta')]),
u('paragraph', [u('text', 'Echo')])
])
)
)
Yields:
{type: 'paragraph', children: [{type: 'text', value: 'Delta'}]}
selectAll(selector, tree)
Select all nodes that match selector
in the given tree
.
Searches the tree in preorder.
selector
(string
)
— CSS selector, such as (heading
, link, linkReference
).tree
(Node
, optional)
— tree to searchNodes in tree
that match selector
.
This could include tree
itself.
import {u} from 'unist-builder'
import {selectAll} from 'unist-util-select'
console.log(
selectAll(
'code ~ :nth-child(even)',
u('blockquote', [
u('paragraph', [u('text', 'Alpha')]),
u('paragraph', [u('text', 'Bravo')]),
u('code', 'Charlie'),
u('paragraph', [u('text', 'Delta')]),
u('paragraph', [u('text', 'Echo')]),
u('paragraph', [u('text', 'Foxtrot')]),
u('paragraph', [u('text', 'Golf')])
])
)
)
Yields:
[
{type: 'paragraph', children: [{type: 'text', value: 'Delta'}]},
{type: 'paragraph', children: [{type: 'text', value: 'Foxtrot'}]}
]
*
(universal selector),
(multiple selector)paragraph
(type selector)blockquote paragraph
(combinator: descendant selector)blockquote > paragraph
(combinator: child selector)code + paragraph
(combinator: adjacent sibling selector)code ~ paragraph
(combinator: general sibling selector)[attr]
(attribute existence, checks that the value on the tree is not
nullish)[attr=value]
(attribute equality, this stringifies values on the tree)[attr^=value]
(attribute begins with, only works on strings)[attr$=value]
(attribute ends with, only works on strings)[attr*=value]
(attribute contains, only works on strings)[attr~=value]
(attribute contains, checks if value
is in the array,
if there’s an array on the tree, otherwise same as attribute equality):any()
(functional pseudo-class, use :matches
instead):has()
(functional pseudo-class)
Relative selectors (:has(> img)
) are not supported, but :scope
is:matches()
(functional pseudo-class):not()
(functional pseudo-class):blank
(pseudo-class, blank and empty are the same: a parent without
children, or a node without value):empty
(pseudo-class, blank and empty are the same: a parent without
children, or a node without value):root
(pseudo-class, matches the given node):scope
(pseudo-class, matches the given node):first-child
(pseudo-class):first-of-type
(pseudo-class):last-child
(pseudo-class):last-of-type
(pseudo-class):only-child
(pseudo-class):only-of-type
(pseudo-class):nth-child()
(functional pseudo-class):nth-last-child()
(functional pseudo-class):nth-last-of-type()
(functional pseudo-class):nth-of-type()
(functional pseudo-class)matches
This package is fully typed with TypeScript. It exports no additional types.
Projects maintained by the unified collective are compatible with all maintained versions of Node.js. As of now, that is Node.js 14.14+ and 16.0+. Our projects sometimes work with older versions, but this is not guaranteed.
unist-util-is
— check if a node passes a testunist-util-visit
— recursively walk over nodesunist-util-visit-parents
— like visit
, but with a stack of parentsunist-builder
— create unist treesSee contributing.md
in syntax-tree/.github
for
ways to get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
MIT © Eugene Sharygin
FAQs
unist utility to select nodes with CSS-like selectors
We found that unist-util-select demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.