Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@magic/cli
Advanced tools
declarative command line interfaces with aliasing, commands and environment sanitization
declarative cli sanitization and execution for @magic
sanitizes cli flags from aliases to default names
rewrites process.argv accordingly
provides autogenerated --help output (that can be customized)
handles commands and environment.
ecmascript modules only. no commonjs support.
@magic/log, @magic/cases and @magic/types have no dependencies.
be in a node ecmascript module project.
npm i --save-dev --save-exact @magic/cli
there are some quirks that need some careful consideration when designing a cli api depending on your requirements, these caveats should seldomly apply.
if your last argument does not have a corresponding flag, it will still be assigned to the last flag prior to it.
if one of your options gets an argument that is equal to a command, this command will be executed
cli arguments that start with a - will always be treated as flags, not values.
those issues might get addressed in the future.
first, define the cli file
// ./bin.mjs
import { cli } from '@magic/cli'
const res = cli({
commands: [
['cmd1', 'cmd1alias'],
'cmd2',
],
options: [
['--flag1', '-f1'],
['--flag2', '-f2'],
],
default: {
'--default-key': 'default-value',
},
required: [
'--default-key',
],
single: [
'--default-key',
],
env: [[['--production', '--prod', '--p', '-p'], 'NODE_ENV', 'production']],
pure: true, // do neither change process.argv nor process.env
pureArgv: true, // do not change process.argv
pureEnv: true, // do not change process.env
})
console.log(res)
argv mappings handle options and option aliases
using the cli file above
./bin.mjs -f1 arg1 arg2 -f2
resulting process.argv:
process.argv = [
'/path/to/bin/node',
'/path/to/bin.mjs',
'cmd1',
'--flag1'
'arg1',
'arg2',
'--flag2',
]
logged javascript object
{
argv: { '--flag1': ['arg1', arg2], '--flag2': [] },
args: { flag1: ['arg1', 'arg2'], flag2: [] },
// ... other fields
}
cli commands will be handled too.
// call
./bin.js cmd1
// results:
{
commands: { cmd1: true },
// ... other fields
}
@magic/cli will parse your configuration and create a help text based on it.
// ./bin.mjs
import cli from '@magic/cli'
const args = {
commands: [['magic', 'm']],
options: [['--spell', '-s']],
env: [[['dev', 'development'], 'NODE_ENV', 'development']],
help: 'custom help text',
}
const argv = cli(args)
then run ./bin.mjs without arguments
./bin.mjs
// help output
`
@magic/cli wrapped cli.
custom help text
cli commands
magic - aliases: ["m"]
possible command line flags:
--spell - aliases: ["-s"]
environment switches:
dev: set NODE_ENV to development - aliases ["development"]
`
the help property will accept an object which maps to the args object
import cli from '@magic/cli'
const args = {
commands: [['magic', 'm']],
options: [['--spell', '-s']],
env: [[['dev', 'development'], 'NODE_ENV', 'development']],
prepend: 'prepend',
append: 'append',
help: {
name: 'cli name',
text: 'custom help text',
commands: {
magic: 'magic info help text',
},
options: {
'--spell': 'cast a simple spell',
},
env: ['dev', 'set environment to development'],
},
}
const argv = cli(args)
// running
./bin.js
// without arguments
// help output
`
cli name
custom help text
commands:
magic - aliases: ["m"]
flags:
--spell - aliases: ["-s"]
environment switches:
dev: set process.NODE_ENV to development - aliases ["development"]
`
some cli arguments will be expected to return a string instead of a list of arguments.
this can be achieved using the single array
const args = {
options: [['--single', '-s']],
single: ['--single'],
}
const res = cli(args)
console.log(res)
some cli arguments will be required.
this can be achieved using the required array.
if a required field is missing, a error message and the help will be shown.
const args = {
options: [['--required', '-r']],
required: ['--required'],
}
const res = cli(args)
console.log(res)
there are some configuration parameters that can be passed to the cli function
const args = {
pure: false, // set to true to prevent changes to process.argv and process.env
pureEnv: false, // set to true to prevent changes to process.env
pureArgv: false, // set to true to prevent changes to process.argv
}
cli(args)
process.argv values can be prepended and appended
import cli from '@magic/cli'
const args = {
prepend: ['prepended']
append: ['appended']
}
cli(args)
use this to set default process.argv key: value pairs that should be set if they are not
import cli from '@magic/cli'
const args = {
options: [
['--default-key'],
],
default: {
'--default-key': 'default-value',
},
}
const argv = cli(args)
// returns
{
argv: {
'--default-key': 'default-value',
},
}
first release
cli's should now correctly process.exit(1) on error of the spawned process.
console help output now aligns nicely
node 12.4.0 does not have --experimental-node-modules fladg.
readd --experimental-node-modules flag for 13.1.0+
update dependencies bump node version
help is shown if cli has commands but none are given
update dependencies
update dependencies
add @magic/cases dependency
update deps
--help works for cli scripts without commands too
cli will always provide --help and -h flags to show help
required args can now be an array. this allows '--a' or '--b' to be required. errors if both are given.
cli-name all
now automagically sets all available commands to true.regression: calling cli that has commands without commands will show help again.
regression: make commands only have keys for active commands again
finally get rid of the command regressions
nicer output for prompt messages
bump required node version to 14.2.0
update dependencies
update dependencies
update dependencies
update dependencies
update dependencies
update dependencies
update dependencies
update dependencies
update dependencies
update dependencies
update dependencies
...
FAQs
declarative command line interfaces with aliasing, commands and environment sanitization
The npm package @magic/cli receives a total of 346 weekly downloads. As such, @magic/cli popularity was classified as not popular.
We found that @magic/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.