estree
cli
estree | cli | |
---|---|---|
8 | 12 | |
5,091 | 367 | |
0.6% | 0.8% | |
3.2 | 8.7 | |
2 months ago | 7 days ago | |
JavaScript | ||
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
estree
-
ESLint Understand By Doing Part 1: Abstract Syntax Trees
ESLint's AST format, ESTree, would represent this line of code as:
-
Eglot has landed on master: Emacs now has a built-in LSP client
That was a super interesting link, thank you.
For the ontological problem, I presume you're referring to how there are so many differing ideas of how to represent ASTs (apologies for mixing languages, these URLs were just handy):
* https://lisperator.net/uglifyjs/ast#nodes
* https://github.com/estree/estree#the-estree-spec
* ... likely others
which makes it hard for ls1 to ask ls2 about "the for-of iteration variable Node" because ls2 could be using UglifyJS or ESTree or their own(!) AST nomenclature?
And all of this is made worse by (e.g.) Java1.3 versus Java19 because languages are rarely static
-
Statements vs. Expressions
I find it better to actually look at the AST for javascript.
These are expressions:
https://github.com/estree/estree/blob/master/es5.md#expressi...
These are statements:
https://github.com/estree/estree/blob/master/es5.md#statemen...
I guess the confusing part for many is how an expression can also be a statement. But if you look at the ExpressionStatement you see that an expression is not also a statement. It's just the wrapper statement!
-
A technical tale of NodeSecure - Chapter 2
When I started the NodeSecure project I had almost no experience 🐤 with AST (Abstract Syntax Tree). My first time was on the SlimIO project to generate codes dynamically with the astring package (and I had also looked at the ESTree specification).
- Show HN: Monocle – bidirectional code generation library
-
Go is the future of Frontend infrastructure
ESTree compatible output, AST explorer on WASM
-
Introducing GraphQL-ESLint!
The parser we wrote transforms the GraphQL AST into ESTree structure, so it allows you to travel the GraphQL AST tree easily.
-
Revealing the magic of AST by writing babel plugins
For espree parser(the one eslint uses) we can refer here Eslint AST Node Types
cli
-
Securizing your GitHub org
📢 By the way NodeSecure CLI has a first-class support of the scorecard.
-
JS-X-Ray 6.0
Those information are visible in the NodeSecure CLI interface:
-
📦 Everything you need to know: package managers
@nodesecure/cli, a CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project
-
Announcing NodeSecure Vulnera
Fun fact: its first contribution 🐤 on NodeSecure was also on the old version of the code Scanner that managed vulnerabilities.
- GitHub - NodeSecure/cli: JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.
-
A technical tale of NodeSecure - Chapter 2
When NodeSecure was a single project the AST analysis was at most a few hundred lines in two or three JavaScript files. All the logic was coded with if and else conditions directly in the walker 🙈.
-
NodeSecure - What's new in 2022 ?
View on GitHub
-
Detect Marak Squires packages with NodeSecure
NodeSecure can now detect packages created by Marak and it will generate a global warning ⚠️.
-
Node-Secure v0.9.0
After more than ten long months of work we are finally there 😵! Version 0.9.0 has been released on npm 🚀.
-
Announcing new Node-Secure back-end
Nsecure
What are some alternatives?
esprima - ECMAScript parsing infrastructure for multipurpose analysis
catalyst - Catalyst is a set of patterns and techniques for developing components within a complex application.
babel-parser
ci - NodeSecure tool enabling secured continuous integration
escodegen - ECMAScript code generator
js-x-ray - JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
babel-handbook - :blue_book: A guided handbook on how to use Babel and how to create plugins for Babel.
scanner - ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
kataw - An 100% spec compliant ES2022 JavaScript toolchain
rc - NodeSecure runtime configuration
Acorn - A small, fast, JavaScript-based JavaScript parser
vuln - Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB). [Moved to: https://github.com/NodeSecure/vulnera]