js-x-ray
estree
js-x-ray | estree | |
---|---|---|
8 | 8 | |
196 | 4,958 | |
2.0% | 1.2% | |
8.7 | 5.3 | |
7 days ago | 6 months ago | |
JavaScript | | |
MIT License | GNU General Public License v3.0 or later | |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
js-x-ray
-
JS-X-Ray 6.0
If you are new in town, JS-X-Ray is an open source JavaScript SAST (Static Application Security Testing). The tool analyzes your JavaScript sources for patterns that may affect the security and quality of your project 😎.
-
📦 Everything you need to know: package managers
@nodesecure/js-x-ray, a SAST scanner (A static analyser for detecting most common malicious patterns)
-
A technical tale of NodeSecure - Chapter 2
I'm back at writing for a new technical article on NodeSecure. This time I want to focus on the SAST JS-X-Ray 🔬.
-
How to respond to growing supply chain security risks?
And it is happening right now. GitHub is opening the GitHub Advisory Database to community submissions. Awesome community NodeSecure builds cool things like scanner and js-x-ray. There are also lockfile-lint, LavaMoat, Jfrog-npm-tools (and I am sure there is more).
-
NodeSecure - What's new in 2022 ?
Static Analysis is powered by @nodesecure/js-x-ray and @nodesecure/scanner.
-
A technical tale of NodeSecure - Chapter 1
Execute NodeSecure/JS-X-Ray on each JavaScript file.
-
Announcing new Node-Secure back-end
JS-X-Ray - SAST Scanner
-
JS-X-Ray 3.0.0
I have been working every night of the week on a new major version of my open-source JavaScript SAST JS-X-Ray. I've been looking forward to making significant changes to the code for several months now...
estree
-
ESLint Understand By Doing Part 1: Abstract Syntax Trees
ESLint's AST format, ESTree, would represent this line of code as:
-
Eglot has landed on master: Emacs now has a built-in LSP client
That was a super interesting link, thank you.
For the ontological problem, I presume you're referring to how there are so many differing ideas of how to represent ASTs (apologies for mixing languages, these URLs were just handy):
* https://lisperator.net/uglifyjs/ast#nodes
* https://github.com/estree/estree#the-estree-spec
* ... likely others
which makes it hard for ls1 to ask ls2 about "the for-of iteration variable Node" because ls2 could be using UglifyJS or ESTree or their own(!) AST nomenclature?
And all of this is made worse by (e.g.) Java1.3 versus Java19 because languages are rarely static.
-
Statements vs. Expressions
I find it better to actually look at the AST for javascript.
These are expressions:
https://github.com/estree/estree/blob/master/es5.md#expressi...
These are statements:
https://github.com/estree/estree/blob/master/es5.md#statemen...
I guess the confusing part for many is how an expression can also be a statement. But if you look at the ExpressionStatement you see that an expression is not also a statement. It's just the wrapper statement!
-
A technical tale of NodeSecure - Chapter 2
When I started the NodeSecure project I had almost no experience 🐤 with AST (Abstract Syntax Tree). My first time was on the SlimIO project to generate codes dynamically with the astring package (and I had also looked at the ESTree specification).
-
Show HN: Monocle – bidirectional code generation library
-
Go is the future of Frontend infrastructure
ESTree compatible output, AST explorer on WASM
-
Introducing GraphQL-ESLint!
The parser we wrote transforms the GraphQL AST into ESTree structure, so it allows you to travel the GraphQL AST tree easily.
-
Revealing the magic of AST by writing babel plugins
For espree parser (the one ESLint uses) we can refer here: ESLint AST Node Types
What are some alternatives?
cli - JavaScript security CLI that allows you to deeply analyze the dependency tree of a given package or local Node.js project.
esprima - ECMAScript parsing infrastructure for multipurpose analysis
ci - NodeSecure tool enabling secured continuous integration
babel-parser
report - NodeSecure HTML & PDF report generator for any public and/or private git repositories.
escodegen - ECMAScript code generator
vulnera - Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).
kataw - A 100% spec compliant ES2022 JavaScript toolchain
Governance - NodeSecure Governance (Code of conduct & Contribution guidelines)
Acorn - A small, fast, JavaScript-based JavaScript parser
types - Typescript definitions for npm registry content
qwik - Instant-loading web apps, without effort