@travetto/exec
Common wrapper around process execution with high level docker support.
Install: primary
$ npm install @travetto/exec
The exec module provides the necessary foundation for calling executables at runtime. Additionally, special attention is provided to running docker containers.
Just like child_process, the module exposes spawn, fork, and exec. These are generally wrappers around the underlying functionality. In addition to the base functionality, each of those functions is converted to a Promise structure that throws an error on a non-zero return status.
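A simple example would be
Code: Running a directory listing via ls
    import { Exec } from '@travetto/exec';

    async function executeListing() {
      // spawn returns the child process information plus a Promise for its completion
      const { result } = Exec.spawn('ls');
      // Rejects if ls exits with a non-zero status
      await result;
    }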
As you can see, the call returns not only the child process information, but the Promise to wait for. Additionally, some common patterns are provided for the default construction of the child process. In addition to the standard options for running child processes, the module also supports:
timeout as the number of milliseconds the process can run before terminating and throwing an error
quiet which suppresses all stdout/stderr output
stdin as a string, buffer or stream to provide input to the program you are running
timeoutKill allows for registering functionality to execute when a process is force killed by timeout
Docker provides a unified way of executing external programs with a high level of consistency and simplicity. For that reason, the framework leverages this functionality to provide a clean cross-platform experience. The docker functionality allows you to interact with containers in two ways:
Shutdown of the application.
Code: Establishing mongo as a DockerContainer instance
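    import { DockerContainer } from '@travetto/exec';

    async function runMongo() {
      const port = 10000;
      const container = new DockerContainer('mongo:latest')
        .createTempVolume('/var/workspace')
        .exposePort(port)
        .setWorkingDir('/var/workspace')
        .forceDestroyOnShutdown();
      // Start mongod in the container with the given arguments
      container.run(['--storageEngine', 'ephemeralForTest', '--port', port]);
      // Resolve once the exposed port is accepting connections
      await container.waitForPorts();
      return;
    }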
While docker containers provide a high level of flexibility, performance can be an issue. CommandService is a construct that wraps execution of a specific child program. It allows for the application to decide between using docker to invoke the child program or calling the binary against the host operating system. This is especially useful in environments where installation of programs (and specific versions) is challenging.
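Code: Command Service example, using pngquant
    import * as fs from 'fs';
    import { CommandService } from '@travetto/exec';

    const converter = new CommandService({
      containerImage: 'agregad/pngquant',
      // Probe for a local pngquant binary before falling back to the container
      localCheck: ['pngquant', ['-h']]
    });

    async function compress(img) {
      // Each flag and its value is passed as a separate argument
      const state = await converter.exec('pngquant', '--quality', '40-80', '--speed', '1', '--force', '-');
      const out = `${img}.compressed`;
      // Stream the image in on stdin and write the compressed result from stdout
      fs.createReadStream(img).pipe(state.process.stdin);
      state.process.stdout.pipe(fs.createWriteStream(out));
      await state.result;
    }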
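The Promise-wrapping pattern and the timeout, quiet, stdin and timeoutKill options described above, shown as an added example built directly on Node's child_process; it is not @travetto/exec's own code. The run helper, its option handling and the shape of the resolved value are assumptions of this sketch.

```javascript
// Added sketch, not @travetto/exec source: Node's child_process.spawn wrapped in a
// Promise with timeout / quiet / stdin / timeoutKill behaviour as the README describes.
const { spawn } = require('child_process');

// run() and its result shape are assumptions of this sketch. Arguments are passed as
// an array with shell disabled, so metacharacters in them are never interpreted.
function run(cmd, args = [], { timeout = 0, quiet = false, stdin, timeoutKill } = {}) {
  const proc = spawn(cmd, args, { shell: false, stdio: ['pipe', 'pipe', 'pipe'] });
  const result = new Promise((resolve, reject) => {
    let stdout = '';
    let stderr = '';
    let timedOut = false;
    let timer;

    // Output is always captured; quiet only stops it being echoed to the parent.
    proc.stdout.on('data', d => { stdout += d; if (!quiet) process.stdout.write(d); });
    proc.stderr.on('data', d => { stderr += d; if (!quiet) process.stderr.write(d); });

    if (timeout > 0) {
      timer = setTimeout(() => {
        timedOut = true;
        proc.kill('SIGKILL'); // a hung child must not outlive its time budget
        if (timeoutKill) timeoutKill(proc); // caller's cleanup hook
      }, timeout);
    }

    proc.on('error', err => { clearTimeout(timer); reject(err); }); // e.g. binary not found
    proc.on('close', (code, signal) => {
      clearTimeout(timer);
      if (timedOut) {
        reject(Object.assign(new Error(`timed out after ${timeout}ms`), { timedOut, stdout, stderr }));
      } else if (code !== 0) {
        reject(Object.assign(new Error(`exit status ${code ?? signal}`), { code, stdout, stderr }));
      } else {
        resolve({ code, stdout, stderr });
      }
    });
  });

  // stdin may be a string, Buffer or stream.
  proc.stdin.on('error', () => {}); // the child may exit before reading its input
  if (stdin && typeof stdin.pipe === 'function') stdin.pipe(proc.stdin);
  else proc.stdin.end(stdin);

  return { process: proc, result };
}
```

Because the rejection carries the captured stdout and stderr, a caller can log why a child failed without having left its output unsuppressed.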
FAQs
The npm package @travetto/exec receives a total of 34 weekly downloads. As such, @travetto/exec popularity was classified as not popular.
We found that @travetto/exec demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.