Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@types/which
Advanced tools
TypeScript definitions for which
The @types/which package provides TypeScript type definitions for the 'which' npm package. 'which' is a utility that locates and returns the path to an executable in the system path, similar to the Unix 'which' command. The @types/which package does not contain functionality itself but provides type definitions to help TypeScript developers use the 'which' package with type safety.
Type definitions for finding an executable in the path
This code sample demonstrates how to use the 'which' package with TypeScript type definitions provided by @types/which. It attempts to locate the 'node' executable in the system path and prints its location or an error if not found.
import which from 'which';
which('node', (err, resolvedPath) => {
if (err) {
console.error('Node executable not found');
return;
}
console.log('Node executable located at:', resolvedPath);
});
find-exec is a package that provides similar functionality to 'which', allowing users to find the path of executables in the system path. Unlike @types/which, find-exec does not require separate type definitions as it may already include TypeScript support or be used in a JavaScript context.
locate-path is another package that helps in finding paths of files or directories based on given criteria. While it serves a broader purpose compared to 'which', it can be used to achieve similar results. It differs from @types/which in that it is not specifically focused on executables and does not provide TypeScript types out of the box.
npm install --save @types/which
This package contains type definitions for which (https://github.com/isaacs/node-which).
Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/which.
/** Finds all instances of a specified executable in the PATH environment variable */
type AppendNullIfNothrow<TOptions, TRet> = TOptions extends { nothrow: infer TVal }
// nothrow is specified
? TVal extends false
// TVal is false
? TRet
// TVal is boolean or true
: TRet | null
// nothrow not specified
: TRet;
type TransformToArrayIfAll<TOptions, TRet> = TOptions extends { all: infer TVal }
// all is specified
? TVal extends true
// TVal is true
? readonly TRet[]
: TVal extends false
// TVal is false
? TRet
// TVal is boolean
: readonly TRet[] | TRet
// all not specified
: TRet;
type ReturnType<TOptions> = AppendNullIfNothrow<TOptions, TransformToArrayIfAll<TOptions, string>>;
type Exact<T, U extends T> = {
[Key in keyof U]: Key extends keyof T ? U[Key]
: never;
};
declare function which<TOptions extends which.Options>(
cmd: string,
options?: Exact<which.Options, TOptions>,
): Promise<ReturnType<Exact<which.Options, TOptions>>>;
declare namespace which {
/** Finds all instances of a specified executable in the PATH environment variable */
function sync<TOptions extends Options>(
cmd: string,
options?: Exact<Options, TOptions>,
): ReturnType<Exact<Options, TOptions>>;
/** Options for which() API */
interface Options {
/** If true, return all matches, instead of just the first one. Note that this means the function returns an array of strings instead of a single string. */
all?: boolean | undefined;
/** Use instead of the PATH environment variable. */
path?: string | undefined;
/** Use instead of the PATHEXT environment variable. */
pathExt?: string | undefined;
/** Use instead of the platform's native path separator. */
delimiter?: string | undefined;
/** If true, returns null when not found */
nothrow?: boolean | undefined;
}
}
export = which;
These definitions were written by vvakame, cspotcode, and Piotr Błażejewicz.
FAQs
TypeScript definitions for which
We found that @types/which demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.