Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@zkochan/cmd-shim
Advanced tools
@zkochan/cmd-shim is an npm package that allows you to create command-line shims. These shims are small scripts that act as a bridge between the command line and a Node.js script, making it easier to run Node.js scripts as if they were native command-line applications.
Creating a Command Shim
This feature allows you to create a command shim that links a source Node.js script to a target command. When the target command is executed, it will run the source script. This is useful for making Node.js scripts easily executable from the command line.
const cmdShim = require('@zkochan/cmd-shim');
cmdShim('path/to/source.js', 'path/to/target', (err) => {
if (err) throw err;
console.log('Command shim created successfully!');
});
Creating a Command Shim with Options
This feature allows you to create a command shim with additional options. For example, the `createCmdFile` option can be set to true to create a .cmd file on Windows. This provides more control over the behavior of the created shim.
const cmdShim = require('@zkochan/cmd-shim');
const options = { createCmdFile: true };
cmdShim('path/to/source.js', 'path/to/target', options, (err) => {
if (err) throw err;
console.log('Command shim with options created successfully!');
});
bin-wrapper is a package that helps you download and manage binaries for your Node.js projects. It provides a higher-level abstraction compared to @zkochan/cmd-shim, focusing on managing the entire lifecycle of binaries rather than just creating command shims.
shelljs is a package that provides portable Unix shell commands for Node.js. While it is more general-purpose and offers a wide range of shell commands, it can also be used to create command-line interfaces and scripts, similar to what @zkochan/cmd-shim aims to achieve.
npm-run-all is a package that allows you to run multiple npm scripts sequentially or in parallel. While it is not specifically designed for creating command shims, it helps in managing and running multiple scripts, which can be a complementary functionality to what @zkochan/cmd-shim offers.
Used in pnpm for command line application support
The cmd-shim used in pnpm to create executable scripts.
npm install --save @zkochan/cmd-shim
cmdShim(src, to, opts?): Promise<void>
Create a cmd shim at to
for the command line program at from
.
e.g.
const cmdShim = require('@zkochan/cmd-shim')
cmdShim(__dirname + '/cli.js', '/usr/bin/command-name')
.catch(err => console.error(err))
cmdShim.ifExists(src, to, opts?): Promise<void>
The same as above, but will just continue if the file does not exist.
opts.preserveSymlinks
- Boolean - if true, --preserve-symlinks
is added to the options passed to NodeJS.opts.nodePath
- String - sets the NODE_PATH env variable.opts.createCmdFile
- Boolean - is true
on Windows by default. If true, creates a cmd file.opts.createPwshFile
- Boolean - is true
by default. If true, creates a powershell file.opts.progArgs
- String - optional arguments that will be prepend to any CLI argumentsconst cmdShim = require('@zkochan/cmd-shim')
cmdShim(__dirname + '/cli.js', '/usr/bin/command-name', { preserveSymlinks: true })
.catch(err => console.error(err))
FAQs
Used in pnpm for command line application support
We found that @zkochan/cmd-shim demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.