Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
What is argparse?
The argparse npm package is a node.js module for parsing command-line options and arguments. It is inspired by the Python argparse module and allows developers to create user-friendly command-line interfaces for their applications. It provides a way to specify what arguments the program requires, and parses those arguments from the process.argv array.
What are argparse's main functionalities?
Argument Parsing
This feature allows the program to parse command-line arguments. The code sample demonstrates how to create a new ArgumentParser, add arguments with options like verbosity, and then parse the arguments provided by the user.
const { ArgumentParser } = require('argparse');
const parser = new ArgumentParser({
description: 'Argparse example'
});
parser.add_argument('-v', '--verbose', {
help: 'increase output verbosity',
action: 'store_true'
});
parser.add_argument('echo', {
help: 'echo the string you use here'
});
const args = parser.parse_args();
console.log(args);Sub-commands
This feature allows the program to define sub-commands, which are commands that the program can perform. The code sample shows how to create sub-commands for starting and stopping a service, with additional options for each sub-command.
const { ArgumentParser } = require('argparse');
const parser = new ArgumentParser({
description: 'Sub-command example'
});
const subparsers = parser.add_subparsers({
title: 'subcommands',
dest: 'subcommand_name'
});
const start = subparsers.add_parser('start', { aliases: ['run'] });
start.add_argument('-s', '--service', { help: 'Start the service' });
const stop = subparsers.add_parser('stop');
stop.add_argument('-f', '--force', { help: 'Force stop', action: 'store_true' });
const args = parser.parse_args();
console.log(args);Argument Types and Choices
This feature allows the program to specify the type of an argument and restrict it to a set of choices. The code sample demonstrates how to define an integer argument and a string argument that must be one of the specified choices.
const { ArgumentParser } = require('argparse');
const parser = new ArgumentParser({
description: 'Argument types example'
});
parser.add_argument('square', {
help: 'display a square of a given number',
type: 'int'
});
parser.add_argument('--cuisine', {
help: 'choose the type of cuisine',
choices: ['Italian', 'Mexican', 'Japanese'],
required: true
});
const args = parser.parse_args();
console.log(args);Other packages similar to argparse
commander
Commander is another popular npm package for command-line interfaces. It provides a high-level way to specify commands and options, and it automatically generates help messages. Commander is known for its simplicity and declarative style of defining command-line options.
yargs
Yargs is a node.js library that helps build interactive command-line tools, by parsing arguments and generating an elegant user interface. It comes with features like command chaining, automatic help generation, and more. Yargs is often praised for its fluent API and its support for advanced features like command-specific configurations.
minimist
Minimist is a minimalistic argument parsing library. It is designed to be simple and straightforward, with fewer features than argparse, commander, or yargs. It is a good choice for those who need something lightweight without the need for complex command-line interfaces.
argparse
CLI arguments parser for node.js, with sub-commands support. Port of python's argparse (version 3.9.0).
Difference with original.
- JS has no keyword arguments support.
- Pass options instead:
new ArgumentParser({ description: 'example', add_help: true }).
- Pass options instead:
- JS has no python's types
int,float, ...- Use string-typed names:
.add_argument('-b', { type: 'int', help: 'help' }).
- Use string-typed names:
%rformat specifier usesrequire('util').inspect().
More details in doc.
Example
test.js file:
#!/usr/bin/env node
'use strict';
const { ArgumentParser } = require('argparse');
const { version } = require('./package.json');
const parser = new ArgumentParser({
description: 'Argparse example'
});
parser.add_argument('-v', '--version', { action: 'version', version });
parser.add_argument('-f', '--foo', { help: 'foo bar' });
parser.add_argument('-b', '--bar', { help: 'bar foo' });
parser.add_argument('--baz', { help: 'baz bar' });
console.dir(parser.parse_args());
Display help:
$ ./test.js -h
usage: test.js [-h] [-v] [-f FOO] [-b BAR] [--baz BAZ]
Argparse example
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-f FOO, --foo FOO foo bar
-b BAR, --bar BAR bar foo
--baz BAZ baz bar
Parse arguments:
$ ./test.js -f=3 --bar=4 --baz 5
{ foo: '3', bar: '4', baz: '5' }
API docs
Since this is a port with minimal divergence, there's no separate documentation. Use original one instead, with notes about difference.
argparse for enterprise
Available as part of the Tidelift Subscription
The maintainers of argparse and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
[2.0.1] - 2020-08-29
Fixed
- Fix issue with
process.argvwhen used with interpreters (coffee,ts-node, etc.), #150.
FAQs
CLI arguments parser. Native port of python's argparse.
The npm package argparse receives a total of 90,191,835 weekly downloads. As such, argparse popularity was classified as popular.
We found that argparse demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 Aug 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025