Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@inquirer/search
Advanced tools
@inquirer/search
Interactive search prompt component for command line interfaces.
npm | yarn |
---|---|
|
|
|
|
import { search, Separator } from '@inquirer/prompts';
// Or
// import search, { Separator } from '@inquirer/search';
const answer = await search({
message: 'Select an npm package',
source: async (input, { signal }) => {
if (!input) {
return [];
}
const response = await fetch(
`https://registry.npmjs.org/-/v1/search?text=${encodeURIComponent(input)}&size=20`,
{ signal },
);
const data = await response.json();
return data.objects.map((pkg) => ({
name: pkg.package.name,
value: pkg.package.name,
description: pkg.package.description,
}));
},
});
Property | Type | Required | Description |
---|---|---|---|
message | string | yes | The question to ask |
source | (term: string | void) => Promise<Choice[]> | yes | This function returns the choices relevant to the search term. |
pageSize | number | no | By default, lists of choice longer than 7 will be paginated. Use this option to control how many choices will appear on the screen at once. |
validate | Value => boolean | string | Promise<boolean | string> | no | On submit, validate the answer. When returning a string, it'll be used as the error message displayed to the user. Note: returning a rejected promise, we'll assume a code error happened and crash. |
theme | See Theming | no | Customize look of the prompt. |
source
functionThe full signature type of source
is as follow:
function(
term: string | void,
opt: { signal: AbortSignal },
): Promise<ReadonlyArray<Choice<Value> | Separator>>;
When term
is undefined
, it means the search term input is empty. You can use this to return default choices, or return an empty array.
Aside from returning the choices:
AbortSignal
is passed in to cancel ongoing network calls when the search term change.Separator
s can be used to organize the list.Choice
objectThe Choice
object is typed as
type Choice<Value> = {
value: Value;
name?: string;
description?: string;
short?: string;
disabled?: boolean | string;
};
Here's each property:
value
: The value is what will be returned by await search()
.name
: This is the string displayed in the choice list.description
: Option for a longer description string that'll appear under the list when the cursor highlight a given choice.short
: Once the prompt is done (press enter), we'll use short
if defined to render next to the question. By default we'll use name
.disabled
: Disallow the option from being selected. If disabled
is a string, it'll be used as a help tip explaining why the choice isn't available.Choices can also be an array of string, in which case the string will be used both as the value
and the name
.
The validation within the search prompt acts as a signal for the autocomplete feature.
When a list value is submitted and fail validation, the prompt will compare it to the search term. If they're the same, the prompt display the error. If they're not the same, we'll autocomplete the search term to match the value. Doing this will trigger a new search.
You can rely on this behavior to implement progressive autocomplete searches. Where you want the user to narrow the search in a progressive manner.
Pressing tab
also triggers the term autocomplete.
You can see this behavior in action in our search demo.
You can theme a prompt by passing a theme
object option. The theme object only need to includes the keys you wish to modify, we'll fallback on the defaults for the rest.
type Theme = {
prefix: string | { idle: string; done: string };
spinner: {
interval: number;
frames: string[];
};
style: {
answer: (text: string) => string;
message: (text: string, status: 'idle' | 'done' | 'loading') => string;
error: (text: string) => string;
help: (text: string) => string;
highlight: (text: string) => string;
description: (text: string) => string;
disabled: (text: string) => string;
searchTerm: (text: string) => string;
};
icon: {
cursor: string;
};
helpMode: 'always' | 'never' | 'auto';
};
theme.helpMode
auto
(default): Hide the help tips after an interaction occurs.always
: The help tips will always show and never hide.never
: The help tips will never show.import { setTimeout } from 'node:timers/promises';
import { search } from '@inquirer/prompts';
const answer = await search({
message: 'Select an npm package',
source: async (input, { signal }) => {
await setTimeout(300);
if (signal.aborted) return [];
// Do the search
fetch(...)
},
});
Copyright (c) 2024 Simon Boudrias (twitter: @vaxilart)
Licensed under the MIT license.
FAQs
Inquirer search prompt
The npm package @inquirer/search receives a total of 941,929 weekly downloads. As such, @inquirer/search popularity was classified as popular.
We found that @inquirer/search demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.