pfff
ocaml-tree-sitter-semgrep
Metric | pfff | ocaml-tree-sitter-semgrep
---|---|---
Mentions | 6 | 2
Stars | 2,422 | 1
Growth | - | -
Activity | 0.0 | 8.3
Last commit | about 5 years ago | 11 days ago
Language | OCaml | JavaScript
License | GNU General Public License v3.0 or later | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pfff
- AST-grep(sg) is a CLI tool for code structural search, lint, and rewriting
Hi, ast-grep author here. This is a great question and I asked this in the first place before I started the hobby project.
TLDR; I designed ast-grep to be on different tracks than semgrep.
Semgrep is for security and ast-grep is for development.
First and foremost, I have always been in awe of semgrep. Semgrep's documentation, product sites and Padioleau's podcast all gave me a lot of inspiration. Using code to find code is such a cool idea that I never need to craft an intricate regex or write a lengthy AST program. sgrep and patch from https://github.com/facebookarchive/pfff/wiki/Sgrep have helped me a lot in real large codebases.
When I used semgrep as a software engineer, instead of a security researcher, I found semgrep has not touched too much on routine development work. I can use `semgrep -e PATTERN` but the Python wrapper is not too fast compared to grep.
- Interesting ocaml mention in buck2 by fb
Meta/Facebook are long-time OCaml users; their logo is on the OCaml website. Their static analysis tool and its predecessor are both written in OCaml.
- What's wrong with static-analysis autofix/codemod tools? Why don't we use them more, across the industry? What's your experience?
Over the decades, there's been so very many attempts to address this conundrum; and yet, ...
- Show HN: Semgrep App
- Show HN: Visualizing a Codebase
ocaml-tree-sitter-semgrep
- Show HN: Semgrep App
Technically, OCaml only applies to Semgrep, as the app which is the subject of this post uses a more neo-traditional Python & TypeScript stack :)
I don't have full context on the parser core, but I do know that a major thing we've got going for OCaml is a translation layer we wrote for getting OCaml code generated based on tree-sitter grammars: https://github.com/returntocorp/ocaml-tree-sitter-semgrep
- Semgrep: Like Grep but for Code
https://github.com/returntocorp/ocaml-tree-sitter/blob/maste... appears to be the general answer to your question, but navigating to the tree-sitter docs shows that tree-sitter has one in progress: https://github.com/tree-sitter/tree-sitter-swift so hopefully the machinery to incorporate it into semgrep will not be horrific
What are some alternatives?
WhiteBeam - WhiteBeam: Transparent endpoint security
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
flow - Adds static typing to JavaScript to improve developer productivity and code quality.
tree-sitter-swift - Swift grammar for tree-sitter
vircadia-native-core - Vircadia open source agent-based metaverse ecosystem.
tree-sitter-swift - A tree-sitter grammar for the Swift programming language.
syntax-searcher - Language-independent command-line utility for syntax-aware pattern matching.
terraform-provider-aws - The AWS Provider enables Terraform to manage AWS resources.
infer - A static analyzer for Java, C, C++, and Objective-C
CCGrep - Code Clone Detector like grep
HHVM - A virtual machine for executing programs written in Hack.
Bear - Bear is a tool that generates a compilation database for clang tooling.