Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
vscode-nls-dev
Advanced tools
Development time npm module to generate strings bundles from Javascript files
⚠️ This package is no longer receiving new features in favor of the new localization library, vscode-l10n. Please use that collection of libraries instead.
The tools automates the extraction of strings to be externalized from TS and JS code. It therefore helps localizing VSCode extensions and language servers written in TS and JS. It also contains helper methods to convert unlocalized JSON to XLIFF format for translations, and back to localized JSON files, with ability to push and pull localizations from Transifex platform.
nls.bundle(.${locale})?.json
file.To perform unlocalized JSON to XLIFF conversion it is required to call prepareXlfFiles(projectName, extensionName)
piping your extension/language server directory to it, where projectName
is the Transifex project name (if such exists) and extensionName
is the name of your extension/language server. Thereby, XLF files will have a path of projectName/extensionName.xlf
.
To convert translated XLIFF to localized JSON files prepareJsonFiles()
should be called, piping .xlf
files to it. It will parse translated XLIFF to JSON files, reconstructed under original file paths.
Updating Transifex with latest unlocalized strings is done via pushXlfFiles('www.transifex.com', apiName, apiToken)
and pullXlfFiles('www.transifex.com', apiName, apiToken, languages, resources)
for pulling localizations respectively. When pulling, you have to provide resources
array with object literals that have name
and project
properties. name
corresponds to the resource name in Transifex and project
is a project name of your Transifex project where this resource is stored. languages
argument is an array of strings of culture names to be pulled from Transifex.
Here is a sample code that adds localization using Transifex. You can copy and use it as a template for your own extension, changing the values to the ones described in the code comments.
var nls = require('vscode-nls-dev');
const vscodeLanguages = [
'zh-hans',
'zh-hant',
'ja',
'ko',
'de',
'fr',
'es',
'ru',
'it'
]; // languages an extension has to be translated to
const transifexApiHostname = 'www.transifex.com';
const transifexApiName = 'api';
const transifexApiToken = process.env.TRANSIFEX_API_TOKEN; // token to talk to Transifex (to obtain it see https://docs.transifex.com/api/introduction#authentication)
const transifexProjectName = 'vscode-extensions'; // your project name in Transifex
const transifexExtensionName = 'vscode-node-debug'; // your resource name in Transifex
gulp.task('transifex-push', function() {
return gulp.src('**/*.nls.json')
.pipe(nls.prepareXlfFiles(transifexProjectName, transifexExtensionName))
.pipe(nls.pushXlfFiles(transifexApiHostname, transifexApiName, transifexApiToken));
});
gulp.task('transifex-pull', function() {
return nls.pullXlfFiles(transifexApiHostname, transifexApiName, transifexApiToken, vscodeLanguages, [{ name: transifexExtensionName, project: transifexProjectName }])
.pipe(gulp.dest(`../${transifexExtensionName}-localization`));
});
gulp.task('i18n-import', function() {
return gulp.src(`../${transifexExtensionName}-localization/**/*.xlf`)
.pipe(nls.prepareJsonFiles())
.pipe(gulp.dest('./i18n'));
});
To push strings for translation to Transifex you call gulp transifex-push
. To pull and perform the import of latest translations from Transifex to your extension, you need to call transifex-pull
and i18n-import
sequentially. This will pull XLF files from Transifex in first gulp task, and import them to i18n folder in JSON format.
FAQs
Development time npm module to generate strings bundles from Javascript files
We found that vscode-nls-dev demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.