Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@digitak/esrun
Advanced tools
Execute directly your Typescript/Javascript(with ES modules) files using Esbuild
Execute your Typescript or modern Javascript files without having to use a bundler. This is useful for quick demonstrations or when launching your tests written in Typescript.
This library is a thin wrapper around esbuild which compiles Typescript almost instantly.
Install the library globally or locally with your favorite package manager.
npm i -D @digitak/esrun
Then you can execute any Typescript file in the same way Node would execute a Javascript file.
esrun foo.ts
# or use shortened form :
esr foo.ts
You can pass arguments to the process :
esrun foo.ts --option=bar
All file dependencies will be bundled and executed as well.
If the given entry point is a folder, the following actions will be executed in order to find the right entry file :
main
field. The entry file will be the value of the main
field, relative to the package.json directory.index.ts
file exists in the given folder..ts
extension exists in the given folder.main.ts
file exists in the given folder.index.js
file exists in the given folder..js
extension exists in the given folder.main.js
file exists in the given folder.The library exports a single function that you can use to programmatically execute a Typescript file.
import esrun from '@digitak/esrun'
esrun(filePath: string, arguments: string[]): unknown
FAQs
Execute directly your Typescript files using Esbuild
The npm package @digitak/esrun receives a total of 9,451 weekly downloads. As such, @digitak/esrun popularity was classified as popular.
We found that @digitak/esrun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.