Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
vfile-message
The vfile-message npm package is designed for creating and managing virtual file messages, such as warnings and errors, in a standardized format. It is commonly used in file processing pipelines to report issues found during the processing of files. These messages can include details such as the position of the issue within the file, the rule that was violated, and a human-readable message describing the problem.
Creating a new message
This code demonstrates how to create a new vfile message. The message includes a human-readable string, a position object indicating where in the file the message applies, and an optional error code.
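// vfile-message is ESM only, so it is imported rather than required.
import {VFileMessage} from 'vfile-message';
// Uses the older (reason, place, origin) form of the constructor.
const message = new VFileMessage('This is an error message', {line: 10, column: 5}, 'error-code');
console.log(message);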
Associating a message with a file
This example shows how to create a vfile message and associate it with a vfile. The message is pushed into the file's `messages` array, allowing multiple messages to be associated with a single file.
// Both packages are ESM only and have no default export.
import {VFile} from 'vfile';
import {VFileMessage} from 'vfile-message';
const file = new VFile();
const error = new VFileMessage('Invalid syntax', {line: 2, column: 10}, 'syntax-error');
// Attach the message to the file.
file.messages.push(error);
console.log(file.messages);
ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code, making it somewhat similar to vfile-message in its ability to report errors and warnings. However, ESLint is more focused on linting JavaScript code according to customizable coding standards, whereas vfile-message is more generic and can be used with any type of file.
Chalk is a package for styling terminal text. While not directly similar to vfile-message in functionality, it is often used alongside vfile-message and other reporting tools to colorize messages (errors, warnings) for better visibility in the console. Chalk does not create or manage messages but enhances the presentation of messages created by packages like vfile-message.
Remark-lint is a markdown code style linter that is part of the unified.js ecosystem, similar to vfile-message which is also often used in the unified ecosystem for handling messages. Remark-lint focuses specifically on linting Markdown files according to a set of rules, generating messages (warnings, errors) similar to those created by vfile-message, but with a focus on Markdown content.
Create vfile messages.
This package provides a (lint) message format.
In most cases, you can use file.message from VFile itself, but in some cases you might not have a file, and still want to emit warnings or errors, in which case this can be used directly.
This package is ESM only. In Node.js (version 16+), install with npm:
npm install vfile-message
In Deno with esm.sh:
import {VFileMessage} from 'https://esm.sh/vfile-message@4'
In browsers with esm.sh:
<script type="module">
  import {VFileMessage} from 'https://esm.sh/vfile-message@4?bundle'
</script>
import {VFileMessage} from 'vfile-message'
const message = new VFileMessage(
  'Unexpected unknown word `braavo`, did you mean `bravo`?',
  {source: 'spell', ruleId: 'typo', place: {line: 1, column: 8}}
)
console.log(message)
Yields:
[1:8: Unexpected unknown word `braavo`, did you mean `bravo`?] {
  reason: 'Unexpected unknown word `braavo`, did you mean `bravo`?',
  line: 1,
  column: 8,
  ancestors: undefined,
  cause: undefined,
  fatal: undefined,
  place: {line: 1, column: 8},
  ruleId: 'typo',
  source: 'spell'
}
This package exports the identifier VFileMessage. There is no default export.
VFileMessage(reason[, options])
Create a message for reason.
🪦 Note: also has obsolete signatures.
reason (string) — reason for message (should use markdown)
options (Options, optional) — configuration.
Instance of VFileMessage.
ancestors (Array<Node> or undefined) — stack of (inclusive) ancestor nodes surrounding the message
cause (Error or undefined) — original error cause of the message
column (number or undefined) — starting column of message
fatal (boolean or undefined) — state of problem; true: error, file not usable; false: warning, change may be needed; undefined: info, change likely not needed
line (number or undefined) — starting line of message
place (Point, Position or undefined) — place of message
reason (string) — reason for message (should use markdown)
ruleId (string or undefined, example: 'my-rule') — category of message
source (string or undefined, example: 'my-package') — namespace of message
Options
Configuration (TypeScript type).
ancestors (Array<Node>, optional) — stack of (inclusive) ancestor nodes surrounding the message
cause (Error, optional) — original error cause of the message
place (Point or Position, optional) — place of message
ruleId (string, optional, example: 'my-rule') — category of message
source (string, optional, example: 'my-package') — namespace of who sent the message
It’s OK to store custom data directly on the VFileMessage, some of those are handled by utilities.
The following fields are documented and typed here.
actual (string, optional) — specify the source value that’s being reported, which is deemed incorrect
expected (Array<string>, optional) — suggest acceptable values that can be used instead of actual
url (string, optional) — link to docs for the message (this must be an absolute URL that can be passed as x to new URL(x))
note (string, optional) — long form description of the message (you should use markdown)
This package is fully typed with TypeScript. It exports the additional type Options.
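The `fatal` states and the well-known fields listed above (`actual`, `expected`, `url`) come with type and format rules that a reporter or CI gate can check before rendering a message. The sketch below is an added example, not code from vfile-message: `severity`, `checkMessage` and the sample objects are constructed here, plain objects stand in for `VFileMessage` instances, and the http(s)-only scheme check is this example's own policy.

```javascript
// Added example. Plain objects stand in for VFileMessage instances so the
// snippet runs without installing the package.

// `fatal` is tri-state: true = error, false = warning, undefined = info.
function severity(message) {
  if (message.fatal === true) return 'error'
  if (message.fatal === false) return 'warning'
  return 'info'
}

// Return a list of contract violations; an empty list means the message is OK.
function checkMessage(message) {
  const problems = []
  const isString = (value) => typeof value === 'string'
  if (!isString(message.reason)) problems.push('reason must be a string')
  if (message.fatal !== undefined && typeof message.fatal !== 'boolean') {
    problems.push('fatal must be true, false or undefined')
  }
  if (message.actual !== undefined && !isString(message.actual)) {
    problems.push('actual must be a string')
  }
  if (message.expected !== undefined &&
      !(Array.isArray(message.expected) && message.expected.every(isString))) {
    problems.push('expected must be an array of strings')
  }
  if (message.url !== undefined) {
    try {
      // Documented rule: must be accepted by `new URL(x)` with no base.
      const parsed = new URL(message.url)
      // Assumption of this example, not a package rule: only http(s) links.
      if (!['http:', 'https:'].includes(parsed.protocol)) {
        problems.push('url scheme should be http or https')
      }
    } catch {
      problems.push('url must be an absolute URL')
    }
  }
  return problems
}

// Constructed sample messages (the URL is a placeholder).
const good = {
  reason: 'Unexpected unknown word `braavo`, did you mean `bravo`?',
  line: 1, column: 8, fatal: false, ruleId: 'typo', source: 'spell',
  actual: 'braavo', expected: ['bravo'], url: 'https://example.com/rules/typo'
}
const bad = {...good, fatal: 'yes', expected: 'bravo', url: '/rules/typo'}

console.log(severity(good), checkMessage(good), checkMessage(bad))
```

`new URL(x)` accepts any scheme, so a reporter that turns `url` into a clickable link needs its own scheme check on top of the documented rule.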
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of Node.
This means we try to keep the current release line, vfile-message@^4, compatible with Node.js 16.
See contributing.md in vfile/.github for ways to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
vfile utility to create a virtual message
The npm package vfile-message receives a total of 9,600,628 weekly downloads. As such, vfile-message's popularity was classified as popular.
We found that vfile-message demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.