@travetto/terminal
Install: @travetto/terminal
npm install @travetto/terminal
# or
yarn add @travetto/terminal
This module provides basic support for interacting with the terminal, and forms the basis for output colorization and basic command line interactions. The functionality can be broken down into:
Oddly enough, colorizing output in a terminal is a fairly complex process. The standards are somewhat inconsistent and detection can be a tricky process. For terminals, Node supports 4 different levels of coloring:
These palettes are then usable at runtime, with the module choosing between light and dark palettes and falling back to the closest color value that the terminal supports. This means a color like 'olivegreen' will get the proper output with 24-bit color support, a close approximation with enhanced color support, fall back to green with basic color support, and be colorless at level 0.
Code: CLI Color Palette
import { StyleUtil } from '@travetto/terminal';

export const cliTpl = StyleUtil.getTemplate({
  input: '#6b8e23', // Olive drab
  output: '#ffc0cb', // Pink
  path: '#008080', // Teal
  success: '#00ff00', // Green
  failure: '#ff0000', // Red
  param: ['#ffff00', '#daa520'], // Yellow / Goldenrod
  type: '#00ffff', // Cyan
  description: ['#e5e5e5', '#808080'], // White / Gray
  title: ['#ffffff', '#000000'], // Bright white / black
  identifier: '#1e90ff', // Dodger blue
  subtitle: ['#d3d3d3', '#a9a9a9'], // Light gray / Dark Gray
  subsubtitle: '#a9a9a9' // Dark gray
});
When the color palette is combined with Base's Util.makeTemplate, you produce a string template function that will automatically colorize:
Code: Sample Template Usage
cliTpl`Build finished: status=${{success: "complete"}}, output=${{path: "/build.zip"}}`
This would then produce colorized output based on the palette, and the terminal capabilities.
This module follows the pattern Node follows with respect to the environment variables: NO_COLOR, FORCE_COLOR and NODE_DISABLE_COLORS
Terminal: Node help on colors
$ node -h | grep -i color
FORCE_COLOR             when set to 'true', 1, 2, 3, or an
                        empty string causes NO_COLOR and
                        NODE_DISABLE_COLORS to be ignored.
NO_COLOR                Alias for NODE_DISABLE_COLORS
NODE_DISABLE_COLORS     set to 1 to disable colors in the REPL
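The color fallback and the environment-variable precedence described above, sketched as an added example (this is not code from @travetto/terminal or its documentation). The function names are hypothetical; the mapping of FORCE_COLOR values to levels, the treatment of any non-empty NO_COLOR or NODE_DISABLE_COLORS as "disable", and the use of the xterm 6x6x6 color cube for the enhanced level are assumptions.

```javascript
// Added example: hypothetical helpers, not the @travetto/terminal implementation.
// Levels: 0 = none, 1 = basic, 2 = enhanced (256 colors), 3 = 24-bit.
const CUBE = [0, 95, 135, 175, 215, 255]; // channel steps of the xterm 6x6x6 cube
const FORCED = new Map([['', 1], ['true', 1], ['1', 1], ['2', 2], ['3', 3]]);

// `detected` is the level the terminal was found to support (assumed input).
function resolveLevel(env, detected) {
  const forced = FORCED.get(env.FORCE_COLOR);
  if (forced !== undefined) return forced; // FORCE_COLOR wins over the disable switches
  if (env.NO_COLOR || env.NODE_DISABLE_COLORS) return 0;
  return detected;
}

// Strict #rrggbb parsing; anything else is rejected rather than guessed at.
function parseHex(hex) {
  const m = /^#([0-9a-f]{6})$/i.exec(hex);
  if (!m) throw new TypeError(`Expected #rrggbb, got ${hex}`);
  const n = parseInt(m[1], 16);
  return [n >> 16, (n >> 8) & 0xff, n & 0xff];
}

// Index (0-5) of the cube step closest to an 8-bit channel value.
const nearestStep = (v) =>
  CUBE.reduce((best, step, i) => (Math.abs(step - v) < Math.abs(CUBE[best] - v) ? i : best), 0);

// Foreground escape sequence for `hex` at the given level ('' at level 0).
function foreground(hex, level) {
  const [r, g, b] = parseHex(hex);
  switch (level) {
    case 3: // exact 24-bit color
      return `\x1b[38;2;${r};${g};${b}m`;
    case 2: // closest cube entry (the 24-step grayscale ramp is ignored here)
      return `\x1b[38;5;${16 + 36 * nearestStep(r) + 6 * nearestStep(g) + nearestStep(b)}m`;
    case 1: { // one bit per channel selects one of the 8 basic colors (codes 30-37)
      const bit = (v) => Math.round(v / 255);
      return `\x1b[${30 + (bit(b) << 2 | bit(g) << 1 | bit(r))}m`;
    }
    default:
      return '';
  }
}

// Wrap text in the color and reset to the default foreground afterwards.
function paint(text, hex, level) {
  const open = foreground(hex, level);
  return open ? `${open}${text}\x1b[39m` : text;
}
```

With the palette's olive drab (`#6b8e23`), level 1 selects basic green, which matches the fallback the text describes.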
Within the Travetto framework, there are plenty of command line interactions that are enhanced with additional interactivity. This mainly revolves around indicating progress while a program is executing. The module provides support for:
In these scenarios, the dynamic behaviors are dependent on having an interactive TTY. When running without access to a proper stdin, the output will default to basic line printing. This dynamic behavior can also be disabled using the environment variable TRV_QUIET. When set to 1, the module will provide a minimal text-based experience.
FAQs
General terminal support
The npm package @travetto/terminal receives a total of 106 weekly downloads. As such, @travetto/terminal popularity was classified as not popular.
We found that @travetto/terminal demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.