Simple TypeScript CLI library that bridges the gap between "commander" and "enquirer". Automatically.
Most of the time when you are building a CLI, you want to use "commander" to parse the command line arguments and "enquirer" to prompt the user for input. This library makes it easy to use both together.
# Install autoprompt and peer dependencies
# npm
npm install autoprompt enquirer commander
# yarn
yarn add autoprompt enquirer commander
# pnpm
pnpm add autoprompt enquirer commander
import { autoprompt } from 'autoprompt';
import { program } from 'commander';

interface Pizza {
  name: string;
  size: number;
  cheese: boolean;
  crust: "hand-tossed" | "pan" | "thin";
  toppings: ("pepperoni" | "cheese" | "sausage" | "pineapple")[];
}

program
  .option("-n, --name <string>", "Pizza name")
  .option("-s, --size <number>", "Pizza size")
  .option("-c, --cheese <boolean>", "Add cheese")
  .option("-r, --crust <oneof:hand-tossed|pan|thin>", "Crust type")
  .option(
    "-t, --toppings <of:pepperoni|cheese|sausage|pineapple>",
    "Toppings",
  );

program.parse(process.argv);

// prompt the user for options not provided on the command line
const options = await autoprompt<Pizza>(program);
console.log(options);
/**
 * {
 *   name: "Pepperoni",
 *   size: 12,
 *   cheese: true,
 *   crust: "hand-tossed",
 *   toppings: ["pepperoni", "cheese"]
 * }
 */
A couple of things of note that are required for autoprompt to work:
- The autoprompt function must be called after all the options have been defined.
- Each option must declare its type in <> after the option name. This is how autoprompt knows what type of prompt to use.
- A type must be passed to autoprompt that is a combination of the Command and Enquirer options in order for the return type to be correct.

Right now autoprompt only supports the following types/prompts:
- string -> input
- number -> numeral
- boolean -> confirm
- oneof:<values> -> select
- of:<values> -> multiselect
PRs are welcome to add more types/prompts!
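The type-to-prompt table above, as an added TypeScript example that is not autoprompt's own code: it parses a commander flag string, returns the enquirer prompt type the table assigns, and rejects types outside the table. The names flagToPrompt, PromptSpec and SIMPLE are hypothetical and the parsing approach is an assumption.

```typescript
// Added illustration, not autoprompt's source: applies the README's
// type -> prompt table to commander-style flag strings.
type PromptType = "input" | "numeral" | "confirm" | "select" | "multiselect";

interface PromptSpec { // hypothetical shape, assumed for this example
  name: string;        // long option name, e.g. "crust"
  type: PromptType;    // enquirer prompt type from the table
  choices?: string[];  // present only for oneof:/of:
}

// A Map (not an object literal) so "<constructor>" cannot hit a prototype key.
const SIMPLE = new Map<string, PromptType>([
  ["string", "input"],
  ["number", "numeral"],
  ["boolean", "confirm"],
]);

// Hypothetical helper: "-r, --crust <oneof:a|b>" -> prompt description.
function flagToPrompt(flags: string): PromptSpec {
  const m = /--([\w-]+)\s+<([^<>]+)>\s*$/.exec(flags);
  if (!m) throw new Error(`no "--name <type>" found in "${flags}"`);
  const name = m[1];
  const spec = m[2];

  const simple = SIMPLE.get(spec);
  if (simple) return { name, type: simple };

  const sep = spec.indexOf(":");
  const kind = sep === -1 ? spec : spec.slice(0, sep);
  if (kind !== "oneof" && kind !== "of") {
    throw new Error(`unsupported type <${spec}> for --${name}`);
  }
  const choices = sep === -1 ? [] : spec.slice(sep + 1).split("|").filter((c) => c !== "");
  if (choices.length === 0) throw new Error(`<${spec}> lists no values`);
  return { name, type: kind === "oneof" ? "select" : "multiselect", choices };
}

// The Pizza flags from the usage example above.
const pizzaFlags = [
  "-n, --name <string>",
  "-s, --size <number>",
  "-c, --cheese <boolean>",
  "-r, --crust <oneof:hand-tossed|pan|thin>",
  "-t, --toppings <of:pepperoni|cheese|sausage|pineapple>",
];
console.log(pizzaFlags.map(flagToPrompt));
```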
This repo uses biome and pnpm.
# Install dependencies
pnpm install
# Tests
pnpm -r test
# Biome Check
pnpm -r check
# Biome Apply Fixes
pnpm -r check --apply
# Build
pnpm -r build
# Start Build in Watch Mode
pnpm -F autoprompt start
# Run the test CLI
pnpm -F integration tsx bin/test.ts
pnpm -F integration tsx bin/test.ts --name "hi"
FAQs
Bridges the gap between enquirer and commander
The npm package autoprompt receives a total of 26 weekly downloads. As such, autoprompt popularity was classified as not popular.
We found that autoprompt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.