Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
- Maintainers
- 1
tree-sitter-zeek
A Zeek grammar for tree-sitter.
Background
This grammar parses scripts written in the Zeek scripting language.
The goal of this grammar is to facilitate tooling around Zeek
scripts. For that reason, its structure resembles Zeek's grammar but differs in
a number of ways. For example, it tracks newlines explicitly and relies more
strongly on precedence and associativity to resolve ambiguities. Like Zeek's
parser, this one currently doesn't name symbols deeply: for example, the grammar
features an expr rule that covers any kind of expression, but the choices
aren't currently broken down into, say, addition_expr, or_expr, and
similars.
Usage
To use the generated parser directly (e.g. via any of tree-sitter's
language bindings),
clone this repository recursively. We maintain a separate
git repository
to track generated sources. You do not need the tree-sitter CLI
to use those sources in your tooling, but you'll likely want it
anyway to explore the parser. For example, tree-sitter parse <script>
produces the script's syntax tree, and tree-sitter highlight <script>
shows syntax-highlighted sources.
Building the parser
- Install tree-sitter on your machine.
- Generate the parser: run
tree-sitter generate.
Testing
There's currently no tree-sitter test testsuite. Instead, a test driver runs
the parser on every Zeek script in the Zeek distribution, reporting any
errors. For CI, a Github Action workflow additionally clones the Zeek tree prior
to running this test, to ensure that those Zeek scripts are available.
Releasing a new version
To release a new version manually update the version number in the following ecosystem-specific files:
package.json: keyversionpackage-lock.json: updatepackage.jsonand runnpm installto update the lock file.
pyproject.toml: keyproject.versionCargo.toml: keypackage.versiontree-sitter.json: keymetadata.versionCMakeLists.txt:VERSIONinprojectcall
Once all versions are consistently updated create a version tag vX.Y.Z and
push it. We trigger automatic publishing of releases for all tags.
Keywords
FAQs
Zeek grammar for tree-sitter
We found that tree-sitter-zeek demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025