Supply Chain Security
Vulnerability
Quality
Maintenance
License
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
CSS-like selectors for JSON.
More info about the JSON:select format
From your terminal:
gem install json_select
In your Gemfile:
gem 'json_select'
require 'json_select'
json = { # This would normally be loaded with something like yajl-ruby
"name" => {
"first" => "Lloyd",
"last" => "Hilaiel"
},
"favoriteColor" => "yellow",
"languagesSpoken" => [
{
"language" => "Bulgarian",
"level" => "advanced"
},
{
"language" => "English",
"level" => "native"
},
{
"language" => "Spanish",
"level" => "beginner"
}
],
"seatingPreference" => [ "window", "aisle" ],
"drinkPreference" => [ "beer", "whiskey", "wine" ],
"weight" => 172
}
JSONSelect('string:first-child').test(json) # => true
JSONSelect('string:first-child').match(json) # => "window"
JSONSelect('string:first-child').matches(json) # => ["window", "beer"]
✓ — Level 1 — *
Any node
✓ — Level 1 — T
A node of type T, where T is one string, number, object, array, boolean, or null
✓ — Level 1 — T.key
A node of type T which is the child of an object and is the value its parents key property
✓ — Level 1 — T."complex key"
Same as previous, but with property name specified as a JSON string
✓ — Level 1 — T:root
A node of type T which is the root of the JSON document
✓ — Level 1 — T:nth-child(n)
A node of type T which is the nth child of an array parent
✓ — Level 2 — T:nth-last-child(n)
A node of type T which is the nth child of an array parent counting from the end
✓ — Level 1 — T:first-child
A node of type T which is the first child of an array parent (equivalent to T:nth-child(1))
✓ — Level 2 — T:last-child
A node of type T which is the last child of an array parent (equivalent to T:nth-last-child(1))
✓ — Level 2 — T:only-child
A node of type T which is the only child of an array parent
✓ — Level 2 — T:empty
A node of type T which is an array or object with no child
✓ — Level 1 — T U
A node of type U with an ancestor of type T
✓ — Level 1 — T > U
A node of type U with a parent of type T
✗ — Level 2 — T ~ U
A node of type U with a sibling of type T
✓ — Level 1 — S1, S2
Any node which matches either selector S1 or S2
✗ — Level 3 — T:has(S)
A node of type T which has a child node satisfying the selector S
Rakefile or version. (if you want to have your
own version, that is fine but bump version in a commit by itself I can
ignore when I pull)Copyright (c) 2011 Simon Menke. See LICENSE for details.
FAQs
Unknown package
We found that json_select demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.
Security News
The Node.js TSC opted not to endorse a feature bounty program, citing concerns about incentives, governance, and project neutrality.
Research
Security News
A look at the top trends in how threat actors are weaponizing open source packages to deliver malware and persist across the software supply chain.