Gathering detailed insights and metrics for @ltd/acorn-globals
Gathering detailed insights and metrics for @ltd/acorn-globals
Installations
npm install @ltd/acorn-globalsDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
14.17.6
NPM Version
6.14.15
Score
71.5
Supply Chain
90.2
Quality
75.8
Maintenance
100
Vulnerability
81.3
License
Releases
Unable to fetch releases
Contributors
1
Unable to fetch Contributors
Languages
2
TypeScript
JavaScript
TypeScript (93.35%)
JavaScript (6.65%)
Developer
LongTengDao
Download Statistics
Total Downloads
3,503
Last Day
2
Last Week
3
Last Month
49
Last Year
294
GitHub Statistics
19 Commits
2 Watching
1 Branches
1 Contributors
Bundle Size
11.10 kB
Minified
3.39 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.0.0
Package Id
@ltd/acorn-globals@3.0.0
Unpacked Size
32.29 kB
Size
8.20 kB
File Count
5
NPM Version
6.14.15
Node Version
14.17.6
Total Downloads
Cumulative downloads
Total Downloads
3,503
Last day
100%
2
Compared to previous day
Last week
-81.3%
3
Compared to previous week
Last month
1,533.3%
49
Compared to previous month
Last year
-57.3%
294
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
@ltd/acorn-globals
Important Notes
This package is adapted from acorn-globals.
When I found improvable things in use, I submitted some PR for to improve it together.
But there's one thing I think it's not a defect, but a requirement for most people, but not for me, so I can only publish a modified package.
The major difference is that acorn-globals automatically ignores references to global variable undefined, while @ltd/acorn-globals reserves it to decide in user land.
At the same time, if the input is not a Program node whose sourceType is not module, the variable names declared at top-level will also be included in the output.
Other differences
-
License: From
MITtoLGPL-3.0, almost same unlimited for using, while the difference is that if the package itself is modified, it must be released as open source with the same license. -
Host Requirement: Because it is a back-end package, it uses ES 6+ feature.
-
Reduce the API: The the main export function only accepts the parsed
ASTobject as argument, not thecodestring andoptionsarguments, and noparsemethod exported. Because users may use different versions and grammar plug-ins with differentoptionsin different cases, I don't want too much coupling. -
Parameter Read-Only: No modification of
ASTargument (acorn-globalsmodified thelocalsandparentsproperties of nodes). -
Return Value: The return value is changed from
{ name :string, nodes :Node[] }[]toMap<string, Node[]> & { names (): string[], nodes () :Node[] }.
1const find = require('@ltd/acorn-globals'); 2const AST = require('acorn')/*.Parser.extend(plugin)*/.parse(code/*, options*/); 3const globals = find(AST); 4console.log(globals.names());
重要说明
这个包改编自 acorn-globals。
我在使用中发现可以改进的地方时,都第一时间提交了 PR 以共同完善。
但是其中有一处我认为是它的功能而非缺陷,也是多数人的需求,但不是我的需求,因而只能单独发布一个修改后的包。
这个最重要的差异就是,acorn-globals 会自动忽略对于全局变量 undefined 的引用,而 @ltd/acorn-globals 会保留,供用户自行取舍。
同时,如果传入的不是 sourceType 属性为 "module" 的 Program 节点,那么顶层声明的变量名也会列入全局名录。
其它不同
-
许可协议:从
MIT变为LGPL-3.0,使用上一样,几乎就是没限制,主要区别是如果对包本身进行了改造,则必须以同样许可协议开源发布。 -
宿主要求:由于是后端用包,使用了 ES 6 以上的特性。
-
缩小接口:模块主导出函数只接受解析后的
AST对象作为参数,而不接受code字符串和options,同时取消导出parse方法函数,以尽可能解除耦合,满足用户对不同acorn版本、语法插件、options的需求。 -
参数只读:不对
AST参数作修改(acorn-globals中修改了节点的locals和parents属性)。 -
返回形式:返回值从
{ name :string, nodes :Node[] }[]改为Map<string, Node[]> & { names () :string[], nodes () :Node[] }。
1const find = require('@ltd/acorn-globals'); 2const AST = require('acorn')/*.Parser.extend(plugin)*/.parse(code/*, options*/); 3const globals = find(AST); 4console.log(globals.names());
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: LICENSE:0
Reason
Found 0/19 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
3
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More