Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
bash-language-server
Advanced tools
Bash language server that brings an IDE-like experience for bash scripts to most editors. This is based on the Tree Sitter parser and supports explainshell, shellcheck and shfmt.
Documentation around configuration variables can be found in the config.ts file.
To be implemented:
As a dependency, we recommend that you first install shellcheck to enable linting:
https://github.com/koalaman/shellcheck#installing . If shellcheck
is installed,
bash-language-server will automatically call it to provide linting and code analysis each time the
file is updated (with debounce time of 500ms).
If you want your shell scripts to be formatted consistently, you can install shfmt. If
shfmt
is installed then your documents will be formatted whenever you take the 'format document'
action. In most editors this can be configured to happen automatically when files are saved.
Usually you want to install a client for your editor (see the section below).
But if you want to install the server binary (for examples for editors, like helix, where a generic LSP client is built in), you can install from npm registry as:
npm i -g bash-language-server
Alternatively, bash-language-server may also be distributed directly by your Linux distro, for example on Fedora based distros:
dnf install -y nodejs-bash-language-server
Or on Ubuntu with snap:
sudo snap install bash-language-server --classic
To verify that everything is working:
bash-language-server --help
If you encounter installation errors, ensure you have node version 16 or newer (node --version
).
The following editors and IDEs have available clients:
For Vim 8 or later install the plugin prabirshrestha/vim-lsp and add the following configuration to .vimrc
:
if executable('bash-language-server')
au User lsp_setup call lsp#register_server({
\ 'name': 'bash-language-server',
\ 'cmd': {server_info->['bash-language-server', 'start']},
\ 'allowlist': ['sh', 'bash'],
\ })
endif
For Vim 8 or Neovim using YouCompleteMe, add the following to .vimrc
:
let g:ycm_language_server =
\ [
\ {
\ 'name': 'bash',
\ 'cmdline': [ 'bash-language-server', 'start' ],
\ 'filetypes': [ 'sh' ],
\ }
\ ]
For Vim 8 or Neovim using neoclide/coc.nvim, according to it's Wiki article, add the following to your coc-settings.json
:
"languageserver": {
"bash": {
"command": "bash-language-server",
"args": ["start"],
"filetypes": ["sh"],
"ignoredRootPaths": ["~"]
}
}
For Vim 8 or NeoVim using dense-analysis/ale add the following
configuration to your .vimrc
:
let g:ale_linters = {
\ 'sh': ['language_server'],
\ }
For Neovim v0.8:
vim.api.nvim_create_autocmd('FileType', {
pattern = 'sh',
callback = function()
vim.lsp.start({
name = 'bash-language-server',
cmd = { 'bash-language-server', 'start' },
})
end,
})
For NeoVim using autozimu/LanguageClient-neovim, add the following configuration to
init.vim
:
let g:LanguageClient_serverCommands = {
\ 'sh': ['bash-language-server', 'start']
\ }
For Vim8/NeoVim v0.5 using jayli/vim-easycomplete. Execute :InstallLspServer sh
and config nothing. Maybe it's the easiest way to use bash-language-server in vim/nvim.
On the config file (File -> Preferences -> Edit Oni config
) add the following configuration:
"language.bash.languageServer.command": "bash-language-server",
"language.bash.languageServer.arguments": ["start"],
Lsp-mode has a built-in client, can be installed by use-package
.
Add the configuration to your .emacs.d/init.el
(use-package lsp-mode
:commands lsp
:hook
(sh-mode . lsp))
Using the built-in eglot
lsp mode:
(use-package eglot
:config
(add-to-list 'eglot-server-programs '((sh-mode bash-ts-mode) . ("bash-language-server" "start")))
:hook
(sh-mode . eglot-ensure)
(bash-ts-mode . eglot-ensure))
shfmt
integrationThe indentation used by shfmt
is whatever has been configured for the current editor session, so
there is no shfmt
-specific configuration variable for this. If your editor is configured for
two-space indents then that's what it will use. If you're using tabs for indentation then shfmt
will use that.
The shfmt
integration also supports configuration via .editorconfig
. If any shfmt
-specific
configuration properties are found in .editorconfig
then the config in .editorconfig
will be
used and the language server config will be ignored. This follows shfmt
's approach of using either
.editorconfig
or command line flags, but not both. Note that only shfmt
-specific configuration
properties are read from .editorconfig
- indentation preferences are still provided by the editor,
so to format using the indentation specified in .editorconfig
make sure your editor is also
configured to read .editorconfig
. It is possible to disable .editorconfig
support and always use
the language server config by setting the "Ignore Editorconfig" configuration variable.
The minimum logging level for the server can be adjusted using the BASH_IDE_LOG_LEVEL
environment variable
and through the general workspace configuration.
Please see docs/development-guide for more information.
FAQs
A language server for Bash
The npm package bash-language-server receives a total of 4,559 weekly downloads. As such, bash-language-server popularity was classified as popular.
We found that bash-language-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.