Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
vscode-nls
Advanced tools
The vscode-nls package is a localization library designed for use with Visual Studio Code extensions. It provides a simple way to localize strings in your extension, making it easier to support multiple languages.
Initialization
This feature allows you to initialize the localization library with a specific locale. The `config` method sets up the locale and returns a function that can be used to localize strings.
const nls = require('vscode-nls');
const localize = nls.config({ locale: 'en' })();
Localizing Strings
This feature allows you to localize strings using a key and a default message. The `localize` function takes a key and a default message, and returns the localized string based on the current locale.
const message = localize('key', 'Default message');
Loading Message Bundles
This feature allows you to load message bundles for localization. The `loadMessageBundle` method loads the message bundle for the current locale, which can then be used to localize strings.
const nls = require('vscode-nls');
const localize = nls.loadMessageBundle();
i18next is a popular internationalization framework for JavaScript. It provides a comprehensive set of features for localization, including support for multiple languages, pluralization, and interpolation. Compared to vscode-nls, i18next is more feature-rich and can be used in a variety of environments, not just Visual Studio Code extensions.
react-intl is a library for internationalizing React applications. It provides components and APIs for formatting dates, numbers, and strings, as well as handling pluralization and translations. While vscode-nls is focused on Visual Studio Code extensions, react-intl is specifically designed for use with React applications.
Globalize is a library for internationalization and localization in JavaScript. It provides support for formatting and parsing dates, numbers, and currencies, as well as message translation. Globalize is more general-purpose compared to vscode-nls, which is tailored for Visual Studio Code extensions.
CommonJS module to support externalization and localization. The module only depends on Node.js however its primary use case is for VSCode extensions.
import * as nls from 'vscode-nls';
let localize = nls.config({ locale: 'de-DE' })();
console.log(localize('keyOne', "Hello World"));
console.log(localize('keyTwo', "Current Date {0}", Date.now()));
The config
call configures the nls module and should only be called once in the applications entry point. You pass in the locale you want to use and whether the resolved locale should be cached for all further calls. The config call returns a function which is used to load a message bundle. During development time the argument should stay empty. There is another tool that helps extracting the message from your sources and it creates the message bundles autmatically for you. The tool is available here.
In secondary modules loaded from the 'main' module no configuration is necessary. However you still need to load the nls module and load the message bundle. This looks like this:
import * as nls from 'vscode-nls';
let localize = nls.loadMessageBundle();
console.log(localize('keyOne', "Hello World"));
During development time the strings in the code are presented to the user. If the locale is set to 'pseudo' the messages are modified in the following form:
VSCODE_NLS_CONFIG
setting.localize
function to string | number | boolean | null | undefined
nls.bundle(.${locale})?.json
file.FAQs
NPM module to externalize and localize VSCode extensions
The npm package vscode-nls receives a total of 876,523 weekly downloads. As such, vscode-nls popularity was classified as popular.
We found that vscode-nls demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.