Gathering detailed insights and metrics for vscode-textmate-webpack
Gathering detailed insights and metrics for vscode-textmate-webpack
A library that helps tokenize text using Text Mate grammars.
Installations
npm install vscode-textmate-webpackDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Score
76
Supply Chain
95.5
Quality
75
Maintenance
100
Vulnerability
98.9
License
Languages
32
TypeScript
JavaScript
SCSS
Groovy
CSS
HTML
Python
Perl
Ruby
PowerShell
Objective-C
Go
Clojure
Handlebars
Less
C++
Visual Basic .NET
C
PHP
F#
Shell
CoffeeScript
Java
Makefile
Rust
Batchfile
Dockerfile
R
ShaderLab
Lua
Swift
Pug
TypeScript (83.52%)
JavaScript (2.33%)
SCSS (2.25%)
Groovy (1.47%)
CSS (1.22%)
HTML (0.94%)
Python (0.79%)
Perl (0.72%)
Ruby (0.64%)
PowerShell (0.53%)
Objective-C (0.52%)
Go (0.46%)
Clojure (0.45%)
Handlebars (0.4%)
Less (0.38%)
C++ (0.37%)
Visual Basic .NET (0.33%)
C (0.31%)
PHP (0.3%)
F# (0.24%)
Shell (0.24%)
CoffeeScript (0.22%)
Java (0.21%)
Makefile (0.21%)
Rust (0.2%)
Batchfile (0.18%)
Dockerfile (0.16%)
R (0.14%)
ShaderLab (0.12%)
Lua (0.09%)
Swift (0.08%)
Pug (0.01%)
Developer
Microsoft
Download Statistics
Total Downloads
1,192
Last Day
1
Last Week
2
Last Month
10
Last Year
105
GitHub Statistics
MIT License
624 Stars
473 Commits
118 Forks
57 Watchers
5 Branches
71 Contributors
Updated on Jul 01, 2025
Bundle Size
47.97 kB
Minified
13.33 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.3.3
Package Id
vscode-textmate-webpack@3.3.3
Unpacked Size
488.53 kB
Size
90.35 kB
File Count
63
Total Downloads
Cumulative downloads
Total Downloads
1,192
Dependencies
2
Dev Dependencies
7
VSCode TextMate 
An interpreter for grammar files as defined by TextMate. Supports loading grammar files from JSON or PLIST format. Cross - grammar injections are currently not supported.
Installing
1npm install vscode-textmate
Using
1var Registry = require('vscode-textmate').Registry; 2var registry = new Registry(); 3var grammar = registry.loadGrammarFromPathSync('./javascript.tmbundle/Syntaxes/JavaScript.plist'); 4 5var lineTokens = grammar.tokenizeLine('function add(a,b) { return a+b; }'); 6for (var i = 0; i < lineTokens.tokens.length; i++) { 7 var token = lineTokens.tokens[i]; 8 console.log('Token from ' + token.startIndex + ' to ' + token.endIndex + ' with scopes ' + token.scopes); 9}
Using asynchronously
Sometimes, it is necessary to manage the list of known grammars outside of vscode-textmate. The sample below shows how this works:
1var Registry = require('vscode-textmate').Registry; 2 3var registry = new Registry({ 4 getFilePath: function (scopeName) { 5 // Return here the path to the grammar file for `scopeName` 6 if (scopeName === 'source.js') { 7 return './javascript.tmbundle/Syntaxes/JavaScript.plist'; 8 } 9 return null; 10 } 11}); 12 13// Load the JavaScript grammar and any other grammars included by it async. 14registry.loadGrammar('source.js', function(err, grammar) { 15 if (err) { 16 console.error(err); 17 return; 18 } 19 20 // at this point `grammar` is available... 21}); 22
Tokenizing multiple lines
To tokenize multiple lines, you must pass in the previous returned ruleStack.
1var ruleStack = null; 2for (var i = 0; i < lines.length; i++) { 3 var r = grammar.tokenizeLine(lines[i], ruleStack); 4 console.log('Line: #' + i + ', tokens: ' + r.tokens); 5 ruleStack = r.ruleStack; 6}
API doc
See the main.ts file
Developing
- Clone the repository
- Run
npm install - Compile in the background with
npm run watch - Run tests with
npm test - Run benchmark with
npm run benchmark - Troubleshoot a grammar with
npm run inspect -- PATH_TO_GRAMMAR PATH_TO_FILE
Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
all changesets reviewed
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
no binaries found in the repo
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is required - but no codeowners file found in repo
- Info: 'last push approval' is required to merge on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/vscode-textmate/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/vscode-textmate/ci.yml/main?enable=pin
- Warn: containerImage not pinned by hash: test-cases/themes/tests/Dockerfile:1: pin your Docker image by updating ubuntu to ubuntu@sha256:b59d21599a2b151e23eea5f6602f4af4d7d31c4e236d22bf0b62b86d2e386b8f
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6.5
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More