Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The argparse npm package is a node.js module for parsing command-line options and arguments. It is inspired by the Python argparse module and allows developers to create user-friendly command-line interfaces for their applications. It provides a way to specify what arguments the program requires, and parses those arguments from the process.argv array.
Argument Parsing
This feature allows the program to parse command-line arguments. The code sample demonstrates how to create a new ArgumentParser, add arguments with options like verbosity, and then parse the arguments provided by the user.
    const { ArgumentParser } = require('argparse');

    const parser = new ArgumentParser({
      description: 'Argparse example'
    });

    // Optional boolean flag: true when -v/--verbose is present
    parser.add_argument('-v', '--verbose', {
      help: 'increase output verbosity',
      action: 'store_true'
    });

    // Positional argument
    parser.add_argument('echo', {
      help: 'echo the string you use here'
    });

    // Parses the arguments supplied on the command line
    const args = parser.parse_args();
    console.log(args);
Sub-commands
This feature allows the program to define sub-commands, which are commands that the program can perform. The code sample shows how to create sub-commands for starting and stopping a service, with additional options for each sub-command.
    const { ArgumentParser } = require('argparse');

    const parser = new ArgumentParser({
      description: 'Sub-command example'
    });

    // The chosen sub-command name is stored under args.subcommand_name
    const subparsers = parser.add_subparsers({
      title: 'subcommands',
      dest: 'subcommand_name'
    });

    // "start" sub-command, also reachable through the alias "run"
    const start = subparsers.add_parser('start', { aliases: ['run'] });
    start.add_argument('-s', '--service', { help: 'Start the service' });

    // "stop" sub-command with a boolean --force flag
    const stop = subparsers.add_parser('stop');
    stop.add_argument('-f', '--force', { help: 'Force stop', action: 'store_true' });

    const args = parser.parse_args();
    console.log(args);
Argument Types and Choices
This feature allows the program to specify the type of an argument and restrict it to a set of choices. The code sample demonstrates how to define an integer argument and a string argument that must be one of the specified choices.
    const { ArgumentParser } = require('argparse');

    const parser = new ArgumentParser({
      description: 'Argument types example'
    });

    // Types are given as string names ('int'), not as Python type objects
    parser.add_argument('square', {
      help: 'display a square of a given number',
      type: 'int'
    });

    // Required option whose value must be one of the listed choices
    parser.add_argument('--cuisine', {
      help: 'choose the type of cuisine',
      choices: ['Italian', 'Mexican', 'Japanese'],
      required: true
    });

    const args = parser.parse_args();
    console.log(args);
Commander is another popular npm package for command-line interfaces. It provides a high-level way to specify commands and options, and it automatically generates help messages. Commander is known for its simplicity and declarative style of defining command-line options.
Yargs is a node.js library that helps build interactive command-line tools, by parsing arguments and generating an elegant user interface. It comes with features like command chaining, automatic help generation, and more. Yargs is often praised for its fluent API and its support for advanced features like command-specific configurations.
Minimist is a minimalistic argument parsing library. It is designed to be simple and straightforward, with fewer features than argparse, commander, or yargs. It is a good choice for those who need something lightweight without the need for complex command-line interfaces.
CLI arguments parser for node.js, with sub-commands support. Port of python's argparse (version 3.9.0).
Difference with original.
new ArgumentParser({ description: 'example', add_help: true }).
int, float, ...
.add_argument('-b', { type: 'int', help: 'help' }).
%r format specifier uses require('util').inspect().
More details in doc.
test.js file:
    #!/usr/bin/env node
    'use strict';

    const { ArgumentParser } = require('argparse');
    const { version } = require('./package.json');

    const parser = new ArgumentParser({
      description: 'Argparse example'
    });

    parser.add_argument('-v', '--version', { action: 'version', version });
    parser.add_argument('-f', '--foo', { help: 'foo bar' });
    parser.add_argument('-b', '--bar', { help: 'bar foo' });
    parser.add_argument('--baz', { help: 'baz bar' });

    console.dir(parser.parse_args());
Display help:
    $ ./test.js -h
    usage: test.js [-h] [-v] [-f FOO] [-b BAR] [--baz BAZ]

    Argparse example

    optional arguments:
      -h, --help         show this help message and exit
      -v, --version      show program's version number and exit
      -f FOO, --foo FOO  foo bar
      -b BAR, --bar BAR  bar foo
      --baz BAZ          baz bar
Parse arguments:
    $ ./test.js -f=3 --bar=4 --baz 5
    { foo: '3', bar: '4', baz: '5' }
Since this is a port with minimal divergence, there's no separate documentation. Use the original documentation instead, together with the notes about differences.
Available as part of the Tidelift Subscription
The maintainers of argparse and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
CLI arguments parser. Native port of python's argparse.
We found that argparse demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.