The y18n npm package is a library that provides internationalization (i18n) support for your Node.js applications. It allows you to define translations for your application's text strings and switch between different languages at runtime based on user preferences or other criteria.
Locale String Translation
This feature allows you to translate strings into different locales. You define a set of translations for each language, and y18n will replace placeholders with the appropriate translations.
{"en": {"My cat is %s": "My cat is %s"}, "es": {"My cat is %s": "Mi gato es %s"}}
Pluralization
y18n supports pluralization, which means it can handle different translations based on the number of items. This is useful for languages that have different word forms depending on the count.
{"en": {"cat": {"one": "%d cat", "other": "%d cats"}}, "es": {"cat": {"one": "%d gato", "other": "%d gatos"}}}
Locale Switching
With y18n, you can switch the active locale at runtime, which allows your application to change languages on the fly based on user input or other conditions.
y18n.setLocale('es');
i18next is a very popular internationalization framework for JavaScript. It offers a rich feature set including variable replacement, nesting, formatting, and more. It is more feature-rich and has a larger ecosystem than y18n, including plugins for frontend frameworks and backend integrations.
react-intl is designed specifically for React applications and provides React components and an API to format dates, numbers, and strings, including pluralization and handling translations. It is more specialized for React than y18n, which is more general-purpose.
Polyglot.js is a tiny I18n helper library that provides simple translation and pluralization. It is smaller and has a simpler API compared to y18n, making it a good choice for projects that require a lightweight solution.
The bare-bones internationalization library used by yargs.
Inspired by i18n.
simple string translation:
const __ = require('y18n')().__;
console.log(__('my awesome string %s', 'foo'));
output:
my awesome string foo
using tagged template literals
const __ = require('y18n')().__;
const str = 'foo';
console.log(__`my awesome string ${str}`);
output:
my awesome string foo
pluralization support:
const __n = require('y18n')().__n;
console.log(__n('one fish %s', '%d fishes %s', 2, 'foo'));
output:
2 fishes foo
As of v5 y18n supports Deno:
import y18n from "https://deno.land/x/y18n/deno.ts";
const __ = y18n({
  locale: 'pirate',
  directory: './test/locales'
}).__
console.info(__`Hi, ${'Ben'} ${'Coe'}!`)
You will need to run with --allow-read to load alternative locales.
The JSON language files should be stored in a ./locales folder.
File names correspond to locales, e.g., en.json, pirate.json.
When strings are observed for the first time they will be added to the JSON file corresponding to the current locale.
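Because these locale files are edited by translators and also appended to at runtime, a placeholder check over each file is a useful CI step. The following is an added example, not code from y18n or from this page: checkLocale, its helpers and the sample entries are hypothetical, and it assumes each entry is either a string or an object with "one" and "other" plural forms, as in the JSON shown above.

```javascript
// Added example (not part of y18n): lint one parsed locale file for
// placeholder mismatches. All names and the sample data are constructed.

// Sorted list of printf-style placeholders (%s, %d) found in a string.
function placeholders(str) {
  return (str.match(/%[sd]/g) || []).sort();
}

// Number of times a literal token occurs in a string.
function count(str, token) {
  return str.split(token).length - 1;
}

// Assumed entry shapes: "key": "translation", or
// "key": {"one": "...", "other": "..."} for plural forms.
function checkLocale(locale, entries) {
  const problems = [];
  for (const [key, value] of Object.entries(entries)) {
    if (typeof value === 'string') {
      // A translation must consume the same arguments as its source key.
      if (placeholders(key).join() !== placeholders(value).join()) {
        problems.push(`${locale}: "${key}" and its translation use different placeholders`);
      }
    } else if (value && typeof value === 'object' && !Array.isArray(value)) {
      const missing = ['one', 'other'].filter((f) => typeof value[f] !== 'string');
      if (missing.length > 0) {
        problems.push(`${locale}: "${key}" lacks plural form(s): ${missing.join(', ')}`);
      } else if (count(value.one, '%s') !== count(value.other, '%s')) {
        // %d is optional per form, but %s arguments are shared by both forms.
        problems.push(`${locale}: "${key}" plural forms disagree on %s count`);
      }
    } else {
      problems.push(`${locale}: "${key}" has an unsupported value type`);
    }
  }
  return problems;
}

// Constructed sample standing in for the parsed contents of es.json.
const sample = {
  'My cat is %s': 'Mi gato es %s',                                // consistent
  'Hello %s, you have %d items': 'Hola, tienes %d elementos',     // %s dropped
  'one fish %s': { one: 'un pez %s', other: '%d peces' },         // %s dropped in "other"
  'cat': { one: '%d gato' }                                       // "other" missing
};

console.log(checkLocale('es', sample).join('\n'));
```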
Create an instance of y18n with the config provided, options include:
directory: the locale directory, default ./locales.
updateFiles: should newly observed strings be updated in file, default true.
locale: what locale should be used.
fallbackToLanguage: should fallback to a language-only file (e.g. en.json) be allowed if a file matching the locale does not exist (e.g. en_US.json), default true.
Print a localized string, %s will be replaced with args.
This function can also be used as a tag for a template literal. You can use it like this: __`hello ${'world'}`. This will be equivalent to __('hello %s', 'world').
Print a localized string with appropriate pluralization. If %d is provided in the string, the count will replace this placeholder.
Set the current locale being used.
What locale is currently being used?
Update the current locale with the key value pairs in obj.
Libraries in this ecosystem make a best effort to track Node.js' release schedule. Here's a post on why we think this is important.
ISC
FAQs
the bare-bones internationalization library used by yargs
The npm package y18n receives a total of 53,247,372 weekly downloads. As such, y18n popularity was classified as popular.
We found that y18n demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.