Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
You prefer polishing your views to manually replacing strings in them to make them i18n compatible. If I got that one right, i15r is for you. It automates the process that would otherwise drive most of us nuts.
I15r (Internationalizer) searches for all the non-i18n texts in your erb and haml templates in the given file/directory and replaces them with I18n messages.
The message string is based on the path of the file in which the text was found and the text itself that was replaced.
E.g
(in file app/views/users/new.html.erb)
<label for="user-name">Name</label>
<input type="text" id="user-name" name="user[name]" />
will be replaced by:
(in file app/views/users/new.html.erb)
<label for="user-name"><%= I18n.t("users.new.name") %></label>
<input type="text" id="user-name" name="user[name]" />
and
(in file app/views/member/users/edit.html.erb)
<label for="user-name">Name</label>
<input type="text" id="user-name" name="user[name]" />
will be replaced by
(in file app/views/member/users/edit.html.erb)
<label for="user-name"><%= I18n.t("member.users.edit.name") %></label>
<input type="text" id="user-name" name="user[name]" />
gem install i15r
Put the following in your Gemfile:
gem 'i15r', '~> 0.5.1'
i15r path/leading/to/template
i15r path/leading/to/directory
All files with an erb or haml suffix in that directory or somewhere in the hierarchy below will be converted.
By default, i15r overwrites all the source files with the i18n message strings it generates. If you first want to see what would be replaced, you should do:
i15r app/views/users -n
or
i15r app/views/users --dry-run
If you don't want the file path to appear in the i18n message string, you can pass a prefix parameter that will be used to generate the message strings. For example if you have the following in a file called app/views/users/new.html.erb:
<label for="user-name">Name</label>
<input type="text" id="user-name" name="user[name]" />
And then call:
i15r app/views/users/new.html.erb --prefix my_project
The file will then contain:
<label for="user-name"><%= I18n.t("my_project.name") %></label>
<input type="text" id="user-name" name="user[name]" />
If you want the a prefix plus the file path to appear in the i18n message string, you can pass a prefix_with_path parameter:
i15r app/views/users/new.html.erb --prefix_with_path my_project
The above file will then contain:
<label for="user-name"><%= I18n.t("my_project.users.new.name") %></label>
<input type="text" id="user-name" name="user[name]" />
If you don't want to use the full I18n.t name, use the override_i18n_method parameter:
i15r app/views/users/new.html.erb --override_i18n_method t
This will cause output that normally results in:
<label for="user-name"><%= I18n.t("users.new.name") %></label>
to result in
<label for="user-name"><%= t("users.new.name") %></label>
If you want to skip the default translation, you must add the --no-default flag
For example, if calling
i15r app/views/users/new.html.erb
results in
<label for="user-name"><%= I18n.t("users.new.name", :default => 'Name') %></label>
Adding the --no-default flag
i15r app/views/users/new.html.erb --no-default
results in
<label for="user-name"><%= I18n.t("users.new.name") %></label>
I15R takes the 80-20 approach. It focuses on finding most of the text that needs to be replaced in your templates and replacing them with the correct i18n strings. It forgoes the 100% hit rate in favor of getting the 80% right and keeping the code (relatively) simple. Consequently, please report any bug that concerns strings that should not have been replaced or ones that have been replaced incorrectly.
A good practice is to first run i15r with the --dry-run option to see what would be replaced and then run it for real, without the --dry-run option. You can also run it on files that have already been "internationalized" since i15r will just skip those rows.
Your next step is probably to create a YML locale file containing all the strings i15r generated. You're in luck! missing_t is a gem that can do this for you.
Please submit any bugs or feature requests to the issue tracker.
If you'd like to contibute, please see Contributing.
Copyright (c) 2009 Balint Erdi
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Unknown package
We found that i15r demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.