Gathering detailed insights and metrics for periscopic
Utility for analyzing scopes belonging to an ESTree-compliant AST
Installations
npm install periscopicDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
16.20.2
NPM Version
8.19.4
Releases
Unable to fetch releases
Contributors
6
Unable to fetch Contributors
Languages
1
JavaScript
JavaScript (100%)
Developer
Rich-Harris
Download Statistics
Total Downloads
132,603,358
Last Day
117,296
Last Week
769,042
Last Month
7,213,984
Last Year
85,031,561
GitHub Statistics
96 Stars
74 Commits
8 Forks
5 Watching
1 Branches
6 Contributors
Bundle Size
3.18 kB
Minified
1.17 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
4.0.2
Package Id
periscopic@4.0.2
Unpacked Size
10.48 kB
Size
3.67 kB
File Count
6
NPM Version
8.19.4
Node Version
16.20.2
Publised On
10 Sept 2023
Total Downloads
Cumulative downloads
Total Downloads
132,603,358
Last day
-9.2%
117,296
Compared to previous day
Last week
-53%
769,042
Compared to previous week
Last month
-4.4%
7,213,984
Compared to previous month
Last year
128%
85,031,561
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
4
Versions
periscopic
Utility for analyzing scopes belonging to an ESTree-compliant AST.
API
1import { analyze } from 'periscopic'; 2 3const ast = acorn.parse(` 4const a = b; 5console.log(a); 6`); 7 8const { map, globals, scope } = analyze(ast);
mapis aWeakMap<Node, Scope>, where the keys are the nodes of your AST that create a scopeglobalsis aMap<string, Node>of all the identifiers that are referenced without being declared anywhere in the program (in this case,bandconsole)scopeis the top-levelScopebelonging to the program
Scope
Each Scope instance has the following properties:
scope.block— true if the scope is created by a block statement (i.e.let,constandclassare contained to it), false otherwisescope.parent— the parent scope objectscope.declarations— aMap<string, Node>of all the variables declared in this scope, the node value referes to the declaration statementscope.initialised_declarations— aSet<string>of all the variables declared and initialised in this scopescope.references— aSet<string>of all the names referenced in this scope (or child scopes)
It also has two methods:
scope.has(name)— returnstrueifnameis declared in this scope or an ancestor scopescope.find_owner(name)— returns the scope object in whichnameis declared (ornullif it is not declared)
extract_identifiers and extract_names
This package also exposes utilities for extracting the identifiers contained in a declaration or a function parameter:
1import { extract_identifiers, extract_names } from 'periscopic'; 2 3const ast = acorn.parse(` 4const { a, b: [c, d] = e } = opts; 5`); 6 7const lhs = ast.body[0].declarations[0].id; 8 9extract_identifiers(lhs); 10/* 11[ 12 { type: 'Identifier', name: 'a', start: 9, end: 10 }, 13 { type: 'Identifier', name: 'c', start: 16, end: 17 }, 14 { type: 'Identifier', name: 'd', start: 19, end: 20 } 15] 16*/ 17 18extract_names(lhs); 19/* 20['a', 'c', 'd'] 21*/
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
Found 5/15 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Rich-Harris/periscopic/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Rich-Harris/periscopic/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Rich-Harris/periscopic/ci.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 21 are checked with a SAST tool
Score
3.7
/10
Last Scanned on 2025-01-13
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More