ocaml-tree-sitter-semgrep
pfff
ocaml-tree-sitter-semgrep | pfff | |
---|---|---|
2 | 6 | |
1 | 2,422 | |
- | - | |
8.3 | 0.0 | |
11 days ago | about 5 years ago | |
JavaScript | OCaml | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ocaml-tree-sitter-semgrep
-
Show HN: Semgrep App
Technically, OCaml only applies to Semgrep, as the app which is the subject of this post uses a more neo-traditional Python & TypeScript stack :)
I don't have full context on the parser core, but I do know that a major thing we've got going for OCaml is a translation layer we wrote for getting OCaml code generated based on tree-sitter grammars: https://github.com/returntocorp/ocaml-tree-sitter-semgrep
-
Semgrep: Like Grep but for Code
https://github.com/returntocorp/ocaml-tree-sitter/blob/maste... appears to be the general answer to your question, but navigating to the tree-sitter docs shows that tree-sitter has one in progress: https://github.com/tree-sitter/tree-sitter-swift so hopefully the machinery to incorporate it into semgrep will not be horrific
pfff
-
AST-grep(sg) is a CLI tool for code structural search, lint, and rewriting
Hi, ast-grep author here. This is a great question and I asked this in the first place before I started the hobby project.
TLDR; I designed ast-grep to be on different tracks than semgrep.
Semgrep is for security and ast-grep is for development.
First and foremost, I have always been in awe of semgrep. Semgrep's documentation, product sites and Padioleau's podcast all gave me a lot of inspiration. Using code to find code is such a cool idea that I never need to craft an intricate regex or write a lengthy AST program. sgrep and patch from https://github.com/facebookarchive/pfff/wiki/Sgrep have helped me a lot in real large codebases.
When I used semgrep as a software engineer, instead of a security researcher, I found semgrep has not touched too much on routine development works. I can use `semgrep -e PATTERN` but the Python wrapper is not too fast compared to grep.
-
Interesting ocaml mention in buck2 by fb
Meta/Facebook are long time OCaml users, their logo is on the OCaml website. Their static analysis tool and its predecessor are both written in OCaml.
-
What's wrong with static-analysis autofix/codemod tools? Why don't we use them more, across the industry? What's your experience?
Over the decades, there's been so very many attempts to address this conundrum; and yet, ...
- Show HN: Semgrep App
- Show HN: Visualizing a Codebase
What are some alternatives?
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
WhiteBeam - WhiteBeam: Transparent endpoint security
tree-sitter-swift - Swift grammar for tree-sitter
flow - Adds static typing to JavaScript to improve developer productivity and code quality.
tree-sitter-swift - A tree-sitter grammar for the Swift programming language.
vircadia-native-core - Vircadia open source agent-based metaverse ecosystem.
terraform-provider-aws - The AWS Provider enables Terraform to manage AWS resources.
syntax-searcher - Language-independent command-line utility for syntax-aware pattern matching.
CCGrep - Code Clone Detector like grep
infer - A static analyzer for Java, C, C++, and Objective-C
Bear - Bear is a tool that generates a compilation database for clang tooling.
HHVM - A virtual machine for executing programs written in Hack.