orcid / bibtexparsejs Goto Github PK

I get several warnings from npm audit, all because of bibtex-parse-js using a very old version of ava.
(which in turn uses other packages with serious security risks).

uses 0.15.2, current 4.3.3

-> Please update/upgrade your dependencies.

Note that npm install/upgrade will only update minor versions by itself not major.

Audit issues for ava are: 0.6.0 - 2.4.0

https://www.npmjs.com/package/bibtex-parse-js has fallen behind the last three years of work.

Because an old version of ava is still one of the dependencies rather than one of the devDependencies, npm audit is reporting two vulnerabilities when using npm i bibtex-parse-js.

Manual Review
Some vulnerabilities require your attention to resolve

Visit https://go.npm.me/audit-guide for additional guidance

Low Regular Expression Denial of Service

Package braces

Patched in >=2.3.1

Dependency of bibtex-parse-js

Path bibtex-parse-js > ava > chokidar > anymatch > micromatch >
braces

More info https://npmjs.com/advisories/786

High Prototype Pollution

Package dot-prop

Patched in >=4.2.1 <5.0.0 || >=5.1.1

Dependency of bibtex-parse-js

Path bibtex-parse-js > ava > update-notifier > configstore >
dot-prop

More info https://npmjs.com/advisories/1213

found 2 vulnerabilities (1 low, 1 high) in 1692 scanned packages
2 vulnerabilities require manual review. See the full report for details.

Hi there. Thanks for your work on this.

I think I may start using this project with my wordpress reference manager project that I've been working on called Academic Blogger's Toolkit.

This project seems to do its job nicely, but with one little annoyance; the author field is not formatted in CSL JSON.

Would that be something that you'd be interested in changing?

If you're not familiar, the CSL JSON author field is an array of Person typed objects, where Person has the following shape:

interface Person {
    family?: string;
    given?: string;
    'dropping-particle'?: string;
    'non-dropping-particle'?: string;
    suffix?: string;
    'comma-suffix'?: string|number|boolean;
    'static-ordering'?: string|number|boolean;
    literal?: string;
    'parse-names'?: string|number|boolean;
}

Let me know! 👍

When trying to import references in .BIB format containing non-ASCII characters with UTF-8 encoding, the non-ASCII characters are completely lost!

Here is a simple example:

% IMPORTANT: The following is UTF-8 encoded.  This means that in the presence
% of non-ASCII characters, it will not work with BibTeX 0.99 or older.
% Instead, you should use an up-to-date BibTeX implementation like �bibtex8� or
% �biber�.

@INPROCEEDINGS{Lanza:863153,
      author       = {Lanza, Giacomo and Meier, Joachim and Wiedenh�fer, Thomas
                      and Schwardmann, Ulrich},
      title        = {{I}mplementierung der {FAIR}-{P}rinzipien im
                      {F}orschungsdatenmanagement: eine {T}erminologiebasierte
                      {S}trategie f�r die inhaltliche {B}eschreibung numerischer
                      {F}aktendatens�tze},
      volume       = {23},
      address      = {J�lich},
      publisher    = {Forschungszentrum J�lich GmbH Zentralbibliothek, Verlag},
      reportid     = {FZJ-2019-03252},
      isbn         = {978-3-95806-405-8},
      series       = {Schriften des Forschungszentrums J�lich Reihe Bibliothek /
                      Library},
      pages        = {79-90},
      year         = {2019},
      comment      = {Forschungsdaten - Sammeln, sichern, strukturieren},
      booktitle     = {Forschungsdaten - Sammeln, sichern,
                       strukturieren},
      abstract     = {In der Open Science-�konomie stellen numerische
                      Faktendaten eine gro�e Herausforderung f�r die praktische
                      Umsetzung der vier FAIR-Prinzipien dar. Dies resultiert
                      einerseits aus einer un�berschaubar gro�en Anzahl von
                      Datens�tzen und andererseits aus einer gro�en Vielfalt an
                      in unterschiedlichen Disziplinen verwendeten
                      Datenstrukturen. Diese Heterogenit�t erschwert den
                      Vergleich von Forschungsdatenstrukturen unterschiedlichen
                      Ursprungs, sowie die Festlegung eines einheitlichen
                      Standards zu ihrer Beschreibung mittels Metadaten.
                      Beispielsweise sieht das gebr�uchliche
                      DataCite-Metadatenschema keine Felder f�r eine detaillierte
                      Beschreibung zus�tzlich zur Angabe frei zu vergebender �
                      und damit unkontrollierter � Schlagworte vor. Vor diesem
                      Hintergrund ist bereits die erste Stufe der FAIR-Prinzipien,
                      die Auffindbarkeit (Findability), nur unzureichend zu
                      realisieren. Zielgerichtetes, feingranulares Suchen und
                      pr�zises Finden au fDatenrepositorien-�bergreifender Ebene
                      ist aktuell nicht m�glich. [...]},
      month         = {Jun},
      date          = {2019-06-04},
      organization  = {8. Konferenz der Zentralbibliothek,
                       Forschungszentrum J�lich, J�lich
                       (Germany), 4 Jun 2019 - 6 Jun 2019},
      pnm          = {899 - ohne Topic (POF3-899)},
      pid          = {G:(DE-HGF)POF3-899},
      typ          = {PUB:(DE-HGF)8 / PUB:(DE-HGF)7},
      url          = {https://juser.fz-juelich.de/record/863153},
}

Thanks in advance,
Giacomo

Hi,

I found a scenario generated from scopus.com that is preventing to parser the bibtex using the toJSON method, resulting in error.

@Article{EuropeanCommission,T2019,
author={European Commission, T},
title={The new SME definition: User guide and model declaration},
journal={Enterprise and Industry Publications},
year={2019},
note={cited By 20},
source={Scopus},
}

I believe that the problem is in the bibtex key "EuropeanCommission,T2019". Do you think it's valid to implement some kind of treatment for this scenario, mainly because it was found in a reliable source (scopus)?

https://bibtex.online/ is parsing successfully. It can be interesting to accept any type of character or simply cut the key when finding invalid characters.

Trying to add a publication with bibtex on the ORCID sandbox, I can see that the form tries to check that I input valid Bibtex code.

However, some very simple inputs like this one pass your checks:

@Article{lieth2001,title={This title is not finished

Could you outline whats the difference between the two repos?

Hey,

I tried to use your library to validate some bibtex inputs.
At first I tried it while typing but sometimes it would just hang.
So I changed to validate on submit but in the rare condition of an open quote and a non-closed curly delimiter you library runs into a endless loop.

I also checked your test suite and it seems that this is not covered.

This affects Chrome 61.0.3163.100 (Official Build) (64-bit) as well as Firefox 56.0 (64-bit).

This is a snippet of what I used to crash the library:

@article{smolvcic2009dust,
	  title={The Dust-Unbiased Cosmic Star-Formation History from the 20 CM VLA-COSMOS Survey},
	  author={Smol{\v{c}}i{\'c}, V and Schinnerer, E and Zamorani, G and Bell, EF and Bondi, M and Carilli, CL and Ciliegi, P and Mobasher, B and Paglione, T and Scodeggio, M and others},
	  journal={The Astrophysical Journal},
	  volume="

The original library had methods to handle @string declarations; they've been removed for some reason.

Hello,

I'm using bibtexParseJs for reading references from InspireHEP (a comprehensive database of papers in High Energy Physics).

InspireHEP BibTeX output is as follows (note the title and SLACcitation fields):

@article{Chen:2014oha,
      author         = "Chen, Chien-Yi and Davoudiasl, Hooman and Kim, Doojin",
      title          = "{Warped Graviton "Z + Missing Energy" Signal at Hadron
                        Colliders}",
      journal        = "Phys.Rev.",
      volume         = "D89",
      pages          = "096007",
      doi            = "10.1103/PhysRevD.89.096007",
      year           = "2014",
      eprint         = "1403.3399",
      archivePrefix  = "arXiv",
      primaryClass   = "hep-ph",
      SLACcitation   = "%%CITATION = ARXIV:1403.3399;%%",
}

Title may contain quote characters (as well as latex formatting), I think it is valid since a couple of braces embeds those characters. Moreover the SLACcitation field use the % symbol -not sure it is valid.

bibtexParseJs cannot parse the above bibtex entry because of the quote character and the percentage symbol.

Do you have a solution or a hint for the quote (") problem?

Hello,

Don't want to presume too much but I've been developing bibtex Parser in Go that
compiles to JavaScript. I can easily add a compatible bibtexParse object.
If I happen to solve some of the problems in my parser mentioned in

http://support.orcid.org/forums/175591-orcid-ideas-forum/suggestions/6822051-bibtex-import-is-flaky

would be you interested in my results? I am targetting both NodeJS and Browser with the
JavaScript I'm producing.

Thanks,

Robert

This is mostly a question, which is not very related to this project.

Is it also possible to create BibTeX again from the parsed structure? Are you aware of any js library which is able to do that?

I've imported bibtexParseJS into https://github.com/nickbailey/SMR-Web/tree/master/js as a submodule: it's a public website for an open academic journal (see picture).

I'm using the export to create user-copyable bibtex entries from BibTeX data. You say in the comments that you wrote the export in a hurry, but it appears to work just fine. I would suggest that the output be beautified more than it is. I suggest the rather trivial following diff.

patch.txt

I don't know if this is consistent with your philosophy, and I'm not competent in JavaScript, but I thought I should at least let you have the diff and the report that bibtexParseJs is working very well here.

Thanks!

It seems that all citation keys are automatically converted to uppercase. It would be nice to preserve the original case for display purposes.

Currently, the ORCID importer doesn't support a date format such as date = {2010-10-13}. The software I have tried (Zotero (with and without BetterBibTex) and JabRef) export only year = {2010} and month = oct, without any field for day. So the import into ORCID doesn't have the full date, which is needed for newspaper articles.

This, and a host of other issues, would be solved if support for BibLaTeX were added (and it would be even more ideal if CSL JSON could also be parsed).

Is this something you would consider?

Hi all,

I noticed that when JabRef writes to the database file (.bib) it adds @Comment lines to save its preferences but its format seems to be unsupported by your library.

Should the comment rule be loosen up? Should I just remove my @Comment tags before processing it with bibtexParseJs?

Here is what JabRef comments look like:

@Comment{jabref-meta: databaseType:bibtex;}

@Comment{jabref-meta: saveActions:enabled;
date[normalize_date]
editor[unicode_to_latex]
pages[normalize_page_numbers]
journal[unicode_to_latex]
month[normalize_month]
author[unicode_to_latex]
all-text-fields[ordinals_to_superscript]
title[html_to_latex,unicode_to_latex]
booktitle[unicode_to_latex]
;}

@Comment{jabref-meta: saveOrderConfig:specified;bibtexkey;false;author;false;abstract;false;}

The app Papers for Mac produces the following BibTeX:

@article{vanWoesik:2006ti,
author = {van Woesik, R and Lacharmoise, F and Koksal, S},
title = {{Annual cycles of solar insulation predict spawning times of Caribbean corals}},
journal = {Ecology Letters},
year = {2006},
volume = {9},
pages = {390--398},
month = jan
}

The problematic part is month = jan, it's not month = {jan}.
bibtexParseJs has trouble parsing this BibTeX.

/cc @lucaspelloni2

Those interested in parsing BibTeX, for example for ORCID, might also want to check out https://github.com/plk/biber