Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@oclif/core
Advanced tools
The @oclif/core npm package is a framework for building command-line interfaces (CLIs) in Node.js. It provides a powerful set of tools to develop sophisticated CLIs with features such as argument parsing, command structure, and plugin support. This package is part of the Open CLI Framework (OCLIF) developed by Heroku.
Command Creation
This feature allows developers to create custom commands for their CLI. The code sample demonstrates how to define a simple command that accepts a name as a flag and prints a greeting message.
const {Command, flags} = require('@oclif/core');
class MyCommand extends Command {
async run() {
const {flags} = await this.parse(MyCommand);
console.log(`Hello, ${flags.name}!`);
}
}
MyCommand.description = 'Describe the command here';
MyCommand.flags = {
name: flags.string({char: 'n', description: 'name to print'}),
};
module.exports = MyCommand;
Argument Parsing
This feature simplifies the process of parsing arguments passed to commands. The code sample shows how to create a command that echoes a message passed as an argument.
const {Command, flags} = require('@oclif/core');
class EchoCommand extends Command {
async run() {
const {args} = await this.parse(EchoCommand);
console.log(`Echoing: ${args.message}`);
}
}
EchoCommand.args = [{name: 'message'}];
module.exports = EchoCommand;
Plugin Support
OCLIF supports plugins to extend the functionality of your CLI. This code sample demonstrates how to define a simple plugin that includes a custom command.
const {Command, Plugin} = require('@oclif/core');
class MyPlugin extends Plugin {
constructor(root, config) {
super(root, config);
this.name = 'my-plugin';
}
commands = [require('./commands/my-command')];
}
module.exports = MyPlugin;
Commander is a lightweight, expressive, and powerful command-line framework for Node.js. It provides a simpler API compared to @oclif/core but lacks some of the advanced features such as plugin support and automatic help generation.
Yargs helps you build interactive command-line tools, by parsing arguments and generating an elegant user interface. It's more focused on parsing arguments and providing a fluent API, whereas @oclif/core offers a more structured approach to building CLIs with support for plugins and multi-command CLIs.
Vorpal is a framework for building immersive CLI applications in Node. It offers a similar command-based structure to @oclif/core but with a focus on interactive command-line interfaces. Vorpal is less actively maintained compared to @oclif/core.
This is a framework for building CLIs in Node.js. This framework was built out of the Salesforce CLI but generalized to build any custom CLI. It's designed both for single-file CLIs with a few flag options (like cat
or ls
), or for very complex CLIs that have subcommands (like git
or heroku
).
See the docs for more information.
The Getting Started tutorial is a step-by-step guide to introduce you to oclif. If you have not developed anything in a command line before, this tutorial is a great place to get started.
--help
to the CLI to get help such as flag options and argument information. This information is also automatically placed in the README whenever the npm package of the CLI is published. See the hello-world CLI examplets-node
to run the plugins enabling you to use TypeScript with minimal-to-no boilerplate needed for any oclif CLI.$ heroku info --app=<tab><tab> # will complete with all the Heroku apps a user has in their account
Currently, Node 18+ is supported. We support the LTS versions of Node. You can add the node package to your CLI to ensure users are running a specific version of Node.
See the v3 migration guide for an overview of breaking changes that occurred between v2 and v3.
See the v2 migration guide for an overview of breaking changes that occurred between v1 and v2.
Migrating from @oclif/config
and @oclif/command
? See the v1 migration guide.
The official oclif website, oclif.io, contains all the documentation you need for developing a CLI with oclif.
If there's anything you'd like to see in the documentation, please submit an issue on the oclif.github.io repo.
We strongly encourage you generate an oclif CLI using the oclif cli. The generator will generate an npm package with @oclif/core
as a dependency.
You can, however, use @oclif/core
in a standalone script like this:
#!/usr/bin/env -S node --loader ts-node/esm --no-warnings=ExperimentalWarning
import * as fs from 'fs'
import {Command, Flags, flush, handle} from '@oclif/core'
class LS extends Command {
static description = 'List the files in a directory.'
static flags = {
version: Flags.version(),
help: Flags.help(),
dir: Flags.string({
char: 'd',
default: process.cwd(),
}),
}
async run() {
const {flags} = await this.parse(LS)
const files = fs.readdirSync(flags.dir)
for (const f of files) {
this.log(f)
}
}
}
LS.run().then(
async () => {
await flush()
},
async (err) => {
await handle(err)
},
)
Then run it like this:
$ ts-node myscript.ts
...files in current dir...
🚀 Contributing
See the contributing guide.
FAQs
base library for oclif CLIs
The npm package @oclif/core receives a total of 1,531,240 weekly downloads. As such, @oclif/core popularity was classified as popular.
We found that @oclif/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.