Gathering detailed insights and metrics for code-red
Gathering detailed insights and metrics for code-red
Gathering detailed insights and metrics for code-red
Gathering detailed insights and metrics for code-red
npm install code-red
Typescript
Module System
Node Version
NPM Version
JavaScript (100%)
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
MIT License
335 Stars
210 Commits
22 Forks
5 Watchers
3 Branches
11 Contributors
Updated on Mar 06, 2025
Latest Version
1.0.4
Package Id
code-red@1.0.4
Unpacked Size
53.89 kB
Size
13.82 kB
File Count
11
NPM Version
9.5.0
Node Version
18.15.0
Published on
Aug 11, 2023
Cumulative downloads
Total Downloads
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
4
Experimental toolkit for writing x-to-JavaScript compilers. It is used in Svelte.
The code-red
package exposes three core functions — b
, x
and print
.
b
and x
take a template literal and return an ESTree program body, or a single node:
1import { b, x } from 'code-red'; 2 3const expression = x`i + j`; 4 5assert.equal(expression.type, 'AssignmentExpression'); 6assert.equal(expression.operator, '+'); 7assert.equal(expression.left.name, 'i'); 8assert.equal(expression.right.name, 'j'); 9 10const body = b` 11 const i = 1; 12 const j = 2; 13 const k = i + j; 14`; 15 16assert.equal(body.length, 3); 17assert.equal(body[0].type, 'VariableDeclaration');
Expressions in template literals correspond to replacement nodes — so you could express the above like so:
1const i = x`i`; 2const j = x`j`; 3const expression = x`${i} + ${j}`; 4 5const body = b` 6 const ${i} = 1; 7 const ${j} = 2; 8 const k = ${expression}; 9`;
The print
function takes a node and turns it into a {code, map}
object:
1const add = x` 2 function add(${i}, ${j}) { 3 return ${expression}; 4 } 5`; 6 7print(add).code; 8/* 9function add(i, j) { 10 return i + j; 11} 12*/ 13 14i.name = 'foo'; 15j.name = 'bar'; 16 17print(add).code; 18/* 19function add(foo, bar) { 20 return foo + bar; 21} 22*/
@
-prefixed names (replaceable globals)So that you can use globals in your code. In Svelte, we use this to insert utility functions.
1// input 2import { x } from 'code-red'; 3x`@foo(bar)` 4 5// output 6FOO(bar)
#
-prefixed names (automatically deconflicted names)So that you can insert variables in your code without worrying if they clash with existing variable names.
bar
used in user code and in inserted code gets a $1
suffix:
1// input 2import { x } from 'code-red'; 3x` 4function foo(#bar) { 5 return #bar * bar; 6}`; 7 8// output 9function foo(bar$1) { 10 return bar$1 * bar; 11}
Without conflicts, no $1
suffix:
1// input 2import { b } from 'code-red'; 3b`const foo = #bar => #bar * 2`; 4 5// output 6const foo = bar => bar * 2;
TODO add an optimiser that e.g. collapses consecutive identical if blocks
TODO add a code-red/compiler
module that replaces template literals with the nodes they evaluate to, so that there's nothing to parse at runtime.
TODO support source mappings for inserted nodes with location information.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
0 existing vulnerabilities detected
Reason
Found 3/15 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More