`localizationkit` is a toolkit for ensuring that your localized strings are the best that they can be.
Included are tests for various things such as:
with lots more to come.
To use the library, first off, create a configuration file that is in the TOML format. Here's an example:
```toml
default_language = "en"

[has_comments]
minimum_comment_length = 25
minimum_comment_words = 8

[token_matching]
allow_missing_defaults = true

[token_position_identifiers]
always = false
```
This configuration file sets `en` as the default language (so this is the language that will be checked for comments, etc. and all tests will run relative to it). Then it sets various settings for each test. Every instance of `[something_here]` specifies that the following settings are for that test. For example, the test `has_comments` will now make sure that not only are there comments, but that they are at least 25 characters in length and 8 words in length.
You can now load in your configuration:
```python
from localizationkit import Configuration

configuration = Configuration.from_file("/path/to/config.toml")
```
Now we need to prepare the strings that will go in. Here's how you can create an individual string:
```python
from localizationkit import LocalizedString

my_string = LocalizedString("My string's key", "My string's value", "My string's comment", "en")
```
This creates a single string with a key, value and comment, with its language code set to `en`. Once you've created some more (usually for different languages too), you can bundle them into a collection:
```python
from localizationkit import LocalizedCollection

collection = LocalizedCollection(list_of_my_strings)
```
At this point, you are ready to run the tests:
```python
import localizationkit

results = localizationkit.run_tests(configuration, collection)

# Report every test that did not pass, along with its individual violations
for result in results:
    if not result.succeeded():
        print("The following test failed:", result.name)
        print("Failures encountered:")
        for violation in result.violations:
            print(violation)
```
Some tests don't make sense for everyone. To skip a test you can add the following to your config file at the root:
```toml
blacklist = ["test_identifier_1", "test_identifier_2"]
```
Most tests have configurable rules. If a rule is not specified, it will use the default instead.
Some tests are opt in only. These will be marked as such.
Identifier: comment_linebreaks
Opt-In: true
Checks that comments for strings do not contain linebreaks. Comments which contain linebreaks can interfere with parsing in other tools such as dotstrings.
Identifier: comment_similarity
Checks the similarity between a comment and the string's value in the default language. This is achieved via `difflib`'s `SequenceMatcher`. More details can be found here
Parameter | Type | Acceptable Values | Default | Details |
---|---|---|---|---|
maximum_similarity_ratio | float | Between 0 and 1 | 0.5 | Set the maximum similarity ratio between the comment and the string value. The higher the value, the more similar they are. The longer the string the more accurate this will be. |
Identifier: duplicate_keys
Checks that there are no duplicate keys in the collection.
Parameter | Type | Acceptable Values | Default | Details |
---|---|---|---|---|
all_languages | boolean | true or false | false | Set to true to check that every language has unique keys, not just the default language. |
Identifier: has_comments
Checks that strings have comments.
Note: Only languages that have Latin style scripts are really supported for the words check due to splitting on spaces to check.
Parameter | Type | Acceptable Values | Default | Details |
---|---|---|---|---|
minimum_comment_length | int | Any integer | 30 | Set the minimum allowable length for a comment. Set the value to negative to not check. |
minimum_comment_words | int | Any integer | 10 | Set the minimum allowable number of words for a comment. Set the value to negative to not check. |
Identifier: has_value
Checks that strings have values. Since any value is enough for some strings, it simply makes sure that the string isn't None/null and isn't empty.
Parameter | Type | Acceptable Values | Default | Details |
---|---|---|---|---|
default_language_only | boolean | true or false | false | Set to true to only check the default language for missing values. Otherwise all languages will be checked. |
Identifier: invalid_tokens
Checks that all format tokens in a string are valid.
Note: This check is not language specific. It only works very broadly.
Identifier: key_length
Checks the length of the keys.
Note: By default this test doesn't check anything. It needs to have parameters set to positive values to do anything.
Parameter | Type | Acceptable Values | Default | Details |
---|---|---|---|---|
minimum | int | Any integer | -1 | Set the minimum allowable length for a key. Set the value to negative to not check. |
maximum | int | Any integer | -1 | Set the maximum allowable length for a key. Set the value to negative to not check. |
Identifier: objectivec_alternative_tokens
Opt-In: true
Checks that strings do not contain Objective-C style alternative position tokens.
Objective-C seems to allow positional tokens of the form `%1@` rather than `%1$@`. While not illegal, it is preferred that all tokens between languages are consistent so that tools don't experience unexpected failures, etc.
Identifier: placeholder_token_explanation
Opt-In: true
Checks that if a placeholder is used in a string, the comment explicitly explains what it is replaced with.
Precondition: Each placeholder in the string and its explanation in the comment is expected to follow the `token_position_identifiers` rule.
Identifier: swift_interpolation
Opt-In: true
Checks that strings do not contain Swift style interpolation values since these cannot be localized.
Identifier: token_matching
Checks that the tokens in a string match across all languages. e.g. If your English string is "Hello %s" but your French string is "Bonjour", this would flag that there is a missing token in the French string.
Parameter | Type | Acceptable Values | Default | Details |
---|---|---|---|---|
allow_missing_defaults | boolean | true or false | false | Due to the way that automated localization works, usually there will be a default language, and then other translations will come in over time. If a translation is deleted, it isn't always deleted from all languages immediately. Setting this parameter to true will allow any strings in your non-default language to be ignored if that string is missing from your default language. |
Identifier: token_position_identifiers
Checks that each token has a position specifier with it. e.g. `%s` is not allowed, but `%1$s` is. Tokens can move around in different languages, so position specifiers are extremely important.
Parameter | Type | Acceptable Values | Default | Details |
---|---|---|---|---|
always | boolean | true or false | false | If a string only has a single token, it doesn't need a position specifier. Set this to true to require it even in those cases. |
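
A self-contained sketch of the `token_matching` and `token_position_identifiers` checks described above, added here as an illustration; it is not localizationkit's own code. The regex, the function names, the `SAMPLE` data (constructed) and the choice to flag every translation of a key that is missing from the default language are assumptions.

```python
import re
from collections import Counter

# printf-style token: optional "N$" position, flags, width, precision, length
# modifier, conversion ("@" is the Objective-C object token). The space flag is
# left out on purpose so text such as "50% discount" is not read as "% d".
TOKEN_RE = re.compile(
    r"%(?:(?P<pos>\d+)\$)?[-+0#]*\d*(?:\.\d+)?(?:hh|h|ll|l|q|z|t|j)?"
    r"(?P<conv>[@dDiuUxXoOfFeEgGaAcCsSp])"
)

def extract_tokens(value):
    """Return (position or None, conversion) per token; literal '%%' is skipped."""
    cleaned = value.replace("%%", "")
    return [(int(m["pos"]) if m["pos"] else None, m["conv"])
            for m in TOKEN_RE.finditer(cleaned)]

def missing_position(value, always=False):
    """True if a token lacks 'N$'; a lone token is exempt unless always=True."""
    tokens = extract_tokens(value)
    if len(tokens) <= 1 and not always:
        return False
    return any(pos is None for pos, _ in tokens)

def token_mismatches(strings, default_language="en", allow_missing_defaults=False):
    """strings: {key: {language: value}}. Returns sorted (key, language) pairs
    whose token set differs from the default language's."""
    problems = []
    for key, by_lang in strings.items():
        if default_language not in by_lang:
            # Assumption: without a default there is nothing to compare against,
            # so every translation is flagged unless the config allows the gap.
            if not allow_missing_defaults:
                problems.extend((key, lang) for lang in by_lang)
            continue
        expected = Counter(extract_tokens(by_lang[default_language]))
        for lang, value in by_lang.items():
            if lang != default_language and Counter(extract_tokens(value)) != expected:
                problems.append((key, lang))
    return sorted(problems)

# Constructed sample input: one dropped token, one legal reordering, one orphan.
SAMPLE = {
    "greeting": {"en": "Hello %1$s, you have %2$d items", "fr": "Bonjour %1$s"},
    "swapped": {"en": "%1$s sent %2$d files", "de": "%2$d Dateien von %1$s"},
    "orphan": {"fr": "Ancien %1$s"},
}

if __name__ == "__main__":
    print(token_mismatches(SAMPLE))
    print(missing_position("Hello %s, %d new"))
```

Comparing tokens as a multiset of (position, conversion) pairs is what lets the reordered German string pass while the French string that dropped `%2$d` is flagged.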
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
String localization tests
We found that localizationkit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.