Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@oclif/core
Advanced tools
The @oclif/core npm package is a framework for building command-line interfaces (CLIs) in Node.js. It provides a powerful set of tools to develop sophisticated CLIs with features such as argument parsing, command structure, and plugin support. This package is part of the Open CLI Framework (OCLIF) developed by Heroku.
Command Creation
This feature allows developers to create custom commands for their CLI. The code sample demonstrates how to define a simple command that accepts a name as a flag and prints a greeting message.
const {Command, flags} = require('@oclif/core');
class MyCommand extends Command {
async run() {
const {flags} = await this.parse(MyCommand);
console.log(`Hello, ${flags.name}!`);
}
}
MyCommand.description = 'Describe the command here';
MyCommand.flags = {
name: flags.string({char: 'n', description: 'name to print'}),
};
module.exports = MyCommand;
Argument Parsing
This feature simplifies the process of parsing arguments passed to commands. The code sample shows how to create a command that echoes a message passed as an argument.
const {Command, flags} = require('@oclif/core');
class EchoCommand extends Command {
async run() {
const {args} = await this.parse(EchoCommand);
console.log(`Echoing: ${args.message}`);
}
}
EchoCommand.args = [{name: 'message'}];
module.exports = EchoCommand;
Plugin Support
OCLIF supports plugins to extend the functionality of your CLI. This code sample demonstrates how to define a simple plugin that includes a custom command.
const {Command, Plugin} = require('@oclif/core');
class MyPlugin extends Plugin {
constructor(root, config) {
super(root, config);
this.name = 'my-plugin';
}
commands = [require('./commands/my-command')];
}
module.exports = MyPlugin;
Commander is a lightweight, expressive, and powerful command-line framework for Node.js. It provides a simpler API compared to @oclif/core but lacks some of the advanced features such as plugin support and automatic help generation.
Yargs helps you build interactive command-line tools, by parsing arguments and generating an elegant user interface. It's more focused on parsing arguments and providing a fluent API, whereas @oclif/core offers a more structured approach to building CLIs with support for plugins and multi-command CLIs.
Vorpal is a framework for building immersive CLI applications in Node. It offers a similar command-based structure to @oclif/core but with a focus on interactive command-line interfaces. Vorpal is less actively maintained compared to @oclif/core.
base library for oclif CLIs
If you're migrating from the old oclif libraries (@oclif/config
, @oclif/command
, @oclif/error
, @oclif/parser
), see the migration guide.
The @oclif/core
module now also includes the cli-ux
module. Merging cli-ux
into @oclif/core
resolves a circular dependency between the two modules.
See the cli-ux README for instructions on how to replace the cli-ux
module with @oclif/core
.
The cli-ux README also contains detailed usage examples.
We strongly encourage you generate an oclif CLI using the oclif cli. The generator will generate an npm package with @oclif/core
as a dependency.
You can, however, use @oclif/core
in a standalone script like this:
#!/usr/bin/env ts-node
import * as fs from 'fs'
import {Command, Flags} from '@oclif/core'
class LS extends Command {
static description = 'List the files in a directory.'
static flags = {
version: Flags.version(),
help: Flags.help(),
dir: Flags.string({
char: 'd',
default: process.cwd(),
}),
}
async run() {
const {flags} = await this.parse(LS)
const files = fs.readdirSync(flags.dir)
for (const f of files) {
this.log(f)
}
}
}
LS.run().then(() => {
require('@oclif/core/flush')
}, () => {
require('@oclif/core/handle')
})
Then run it like this:
$ ts-node myscript.ts
...files in current dir...
FAQs
base library for oclif CLIs
We found that @oclif/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.