Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@push.rocks/smartshell
Advanced tools
shell actions designed as promises
To install @push.rocks/smartshell
, use npm:
npm install @push.rocks/smartshell --save
Or if you prefer using Yarn:
yarn add @push.rocks/smartshell
Ensure that you have TypeScript and the related dependencies installed as well since @push.rocks/smartshell
is designed to work with TypeScript.
The @push.rocks/smartshell
package simplifies running shell commands within Node.js applications by wrapping these commands within promises. This approach enhances the readability and maintainability of code that relies on shell execution, making it particularly useful in automation scripts, build processes, and any scenario where interaction with the system shell is required.
@push.rocks/smartshell
First, ensure that you import Smartshell
from @push.rocks/smartshell
using ESM syntax in your TypeScript file:
import { Smartshell } from '@push.rocks/smartshell';
Before executing any shell command, you need to create an instance of Smartshell
. The constructor accepts configuration options such as the shell executor (bash
or sh
), and optionally, paths to source files and directories to include in the shell’s environment.
const smartShellInstance = new Smartshell({
executor: 'bash', // or 'sh'
});
To execute a shell command, use the exec
method. This method returns a promise that resolves with an execution result object containing exitCode
and stdout
.
(async () => {
const result = await smartShellInstance.exec('echo "Hello, SmartShell"');
console.log(result.stdout); // Outputs: Hello, SmartShell
})();
If you prefer not to display the output in the console, use execSilent
:
(async () => {
const result = await smartShellInstance.execSilent('ls');
console.log(result.stdout); // Outputs the list of files and directories
})();
For scenarios where an execution error should immediately throw an exception, use execStrict
:
(async () => {
try {
const result = await smartShellInstance.execStrict('exit 1');
} catch (error) {
console.error('Command execution failed');
}
})();
Some commands benefit from streaming output as they execute, especially long-running tasks. For these cases, use execStreaming
:
(async () => {
const execStreamingResult = await smartShellInstance.execStreaming('tail -f /var/log/system.log');
execStreamingResult.childProcess.stdout.on('data', (data) => {
console.log(data.toString());
});
// Remember to handle the process termination as necessary.
})();
smartshell
allows for the execution of commands within a modified environment, facilitating the use of custom variables or altered PATH values:
(async () => {
smartShellInstance.shellEnv.addSourceFiles(['/path/to/envFile']);
smartShellInstance.shellEnv.pathDirArray.push('/custom/bin');
const result = await smartShellInstance.exec('echo $CUSTOM_VAR');
console.log(result.stdout); // Outputs the value of CUSTOM_VAR
})();
For commands that require interactive terminal input (not typically recommended for automated scripts), you can use execInteractive
:
(async () => {
await smartShellInstance.execInteractive('npm init');
})();
To wait for a specific line before proceeding, you might use execAndWaitForLine
. This is useful for waiting on a process to log a certain message:
(async () => {
await smartShellInstance.execAndWaitForLine('npm run watch', /Compilation complete./);
console.log('The watch process has finished compiling.');
})();
Given the vast array of features offered by @push.rocks/smartshell
, integrating shell operations into your TypeScript applications becomes both straightforward and powerful. By harnessing promises and async/await syntax, smartshell
effectively streamlines shell interactions, making your code cleaner and more intuitive.
This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the license file within this repository.
Please note: The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.
Task Venture Capital GmbH
Registered at District court Bremen HRB 35230 HB, Germany
For any legal inquiries or if you require further information, please contact us via email at hello@task.vc.
By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.
FAQs
A library for executing shell commands using promises.
We found that @push.rocks/smartshell demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.