Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
args-tokenizer
Advanced tools
args-tokenizer
args-tokenizer is a lightweight JavaScript library for parsing shell commands with arguments into an argv array. This makes it easy to work with command-line tools and libraries that expect an array format for arguments, such as tinyexec.
Features
- Simple and intuitive API.
- Handles quoted strings and escapes correctly.
- Supports multiline input.
- Ideal for parsing human-readable shell commands, especially
curl-style commands.
Made at Webstudio, open source website builder.
Installation
Install args-tokenizer:
npm install args-tokenizer
Usage
Here's how you can use args-tokenizer to parse shell commands:
import { tokenizeArgs } from "args-tokenizer";
const args = tokenizeArgs(`ls -la "./src"`);
console.log(args); // ["ls", "-la", "./src"]
Multiline Input Support
args-tokenizer also supports multiline commands, such as:
const args = tokenizeArgs(`
curl \\
-X POST \\
"https://my-url.com"
`);
console.log(args); // ["curl", "-X", "POST", "https://my-url.com"]
Example with tinyexec
One common use case is passing more human-readable commands into the tinyexec library:
import { tokenizeArgs } from "args-tokenizer";
import { x } from "tinyexec";
const [command, ...args] = tokenizeArgs("ls -la");
const result = await x(command, args);
console.log(result.stdout);
API
tokenizeArgs(command: string, options: Options): string[]
Parses a shell command string into an array of arguments. Properly handles:
- Quoted strings (e.g.,
'"./path/to/file"'). - Escaped characters (e.g.,
\"). - Multiline commands (e.g., lines ending with
\\).
Options
loose: Iftrue, the tokenizer will not throw an error when closing quotes are missing. Default isfalse.
Examples
// Without loose option (default behavior)
// This will throw an error due to the missing closing quote
tokenizeArgs('command "arg1 arg2');
// With loose option enabled
const args = tokenizeArgs('command "arg1 arg2', { loose: true });
// ['command', 'arg1 arg2']
License
This project is licensed under the MIT License.
Contributing
Contributions are welcome! Feel free to open issues or submit pull requests to improve the library.
FAQs
Tokenize a shell string into argv array
The npm package args-tokenizer receives a total of 14,936 weekly downloads. As such, args-tokenizer popularity was classified as popular.
We found that args-tokenizer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 29 Dec 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025
Research
Security News
Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.
By Kirill Boychenko - Jun 03, 2025