Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@magic/cli
Advanced tools
declarative command line interfaces with aliasing, commands and environment sanitization
declarative cli sanitization and execution for @magic
sanitizes cli flags from aliases to default names
rewrites process.argv accordingly
provides autogenerated --help output (that can be customized)
also handles commands and environment for you
@magic/log and @magic/types have no dependencies.
be in a nodejs project.
npm i --save-dev @magic/cli
there are some quirks that need some careful consideration when designing a cli api depending on your requirements, these caveats should seldomly apply.
those issues might get addressed in the future.
full api:
first we have to define the cli.mjs file in a commonjs file:
// ./bin.js
#!/usr/bin/env node
const path = require('path')
const spawn = require('@magic/cli')
const cmd = path.join(process.cwd(), 'path', 'to', 'your', 'bin.mjs')
const args = ['--array', 'of', 'flags', cmd]
const executable = 'node' // node is default value
spawn(args, [executable])
then we can write the bin.mjs file:
// ./bin.mjs
import { cli } from '@magic/cli/src/index.mjs'
const { argv, env, commands } = cli({
commands: [
['cmd1', 'cmd1alias'],
'cmd2',
],
options: [
['--flag1', '-f1'],
['--flag2', '-f2'],
],
default: [
['--default-key', 'default-value'],
],
env: [[['--production', '--prod', '--p', '-p'], 'NODE_ENV', 'production']],
pure: true, // do neither change process.argv nor process.env
pureArgv: true, // do not change process.argv
pureEnv: true, // do not change process.env
})
argv mappings handle options and option aliases
using the cli file above
bin.js -f1 arg1 arg2 -f2
resulting process.argv:
process.argv = [
'/path/to/bin/node',
'/path/to/bin.js',
'--flag1'
'arg1',
'arg2',
'--flag2',
]
resulting javascript object
```javascript
argv === { '--flag1': ['arg1', arg2], '--flag2': []}
cli commands can be handled too.
const cli = require('@magic/cli')
const args = {
commands: [
['dev', 'development', 'start'],
'serve',
],
}
const argv = cli(args)
// call
./bin.js dev serve
// results:
{
cmds: ['dev', 'serve'],
commands: ['dev', 'serve'],
}
@magic/cli will parse your configuration and create a help text based on it.
const cli = require('@magic/cli')
const args = {
commands: [['magic', 'm']],
options: [['--spell', '-s']],
env: [[['dev', 'development'], 'NODE_ENV', 'development']],
help: 'custom help text',
}
const argv = cli(args)
// running
./bin.js
// without arguments
// help output
`
@magic/cli wrapped cli.
custom help text
cli commands
magic - aliases: ["m"]
possible command line flags:
--spell - aliases: ["-s"]
environment switches:
dev: set NODE_ENV to development - aliases ["development"]
`
the help property will accept an object which maps to the args object
const cli = require('@magic/cli')
const args = {
commands: [['magic', 'm']],
options: [['--spell', '-s']],
env: [[['dev', 'development'], 'NODE_ENV', 'development']],
prepend: 'prepend',
append: 'append',
help: {
name: 'cli name',
text: 'custom help text',
commands: {
magic: 'magic info help text',
},
options: {
'--spell': 'cast a simple spell',
},
env: ['dev', 'set environment to development'],
},
}
const argv = cli(args)
// running
./bin.js
// without arguments
// help output
`
cli name
custom help text
commands:
magic - aliases: ["m"]
flags:
--spell - aliases: ["-s"]
environment switches:
dev: set process.NODE_ENV to development - aliases ["development"]
`
there are some configuration parameters that can be passed to the cli function
const args = {
pure: false, // set to true to prevent changes to process.argv and process.env
pureEnv: false, // set to true to prevent changes to process.env
pureArgv: false, // set to true to prevent changes to process.argv
}
cli(args)
process.argv values can be prepended and appended
const cli = require('@magic/cli)
const args = {
prepend: ['prepended']
append: ['appended']
}
cli(args)
use this to set default process.argv key: value pairs that should be set if they are not
const cli = require('@magic/cli')
const args = {
options: [
['--default-key'],
],
default: [
['--default-key', 'default-value']
],
}
const argv = cli(args)
// returns
{
argv: {
'--default-key': 'default-value',
},
}
cli's should now correctly process.exit(1) on error of the spawned process.
FAQs
declarative command line interfaces with aliasing, commands and environment sanitization
The npm package @magic/cli receives a total of 346 weekly downloads. As such, @magic/cli popularity was classified as not popular.
We found that @magic/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.