Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
bash-language-server
Advanced tools
Bash language server that brings an IDE-like experience for bash scripts to most editors. This is based on the Tree Sitter parser and supports explainshell and shellcheck.
Documentation around configuration variables can be found in the config.ts file.
To be implemented:
As a dependency, we recommend that you first install shellcheck shellcheck to enable linting: https://github.com/koalaman/shellcheck#installing . If shellcheck is installed, bash-language-server will automatically call it to provide linting and code analysis each time the file is updated (with debounce time or 500ms).
Usually you want to install a client for your editor (see the section below).
But if you want to install the server binary (for examples for editors, like helix, where a generic LSP client is built in), you can install from npm registry as:
npm i -g bash-language-server
Alternatively, bash-language-server may also be distributed directly by your Linux distro, for example on Fedora based distros:
dnf install -y nodejs-bash-language-server
Or on Ubuntu with snap:
sudo snap install bash-language-server --classic
To verify that everything is working:
bash-language-server --help
If you encounter installation errors, ensure you have node version 16 or newer (node --version
).
The following editors and IDEs have available clients:
For Vim 8 or later install the plugin prabirshrestha/vim-lsp and add the following configuration to .vimrc
:
if executable('bash-language-server')
au User lsp_setup call lsp#register_server({
\ 'name': 'bash-language-server',
\ 'cmd': {server_info->['bash-language-server', 'start']},
\ 'allowlist': ['sh', 'bash'],
\ })
endif
For Vim 8 or Neovim using YouCompleteMe, add the following to .vimrc
:
let g:ycm_language_server =
\ [
\ {
\ 'name': 'bash',
\ 'cmdline': [ 'bash-language-server', 'start' ],
\ 'filetypes': [ 'sh' ],
\ }
\ ]
For Vim 8 or Neovim using neoclide/coc.nvim, according to it's Wiki article, add the following to your coc-settings.json
:
"languageserver": {
"bash": {
"command": "bash-language-server",
"args": ["start"],
"filetypes": ["sh"],
"ignoredRootPaths": ["~"]
}
}
For Vim 8 or NeoVim using dense-analysis/ale add the following
configuration to your .vimrc
:
let g:ale_linters = {
\ 'sh': ['language_server'],
\ }
For Neovim v0.8:
vim.api.nvim_create_autocmd('FileType', {
pattern = 'sh',
callback = function()
vim.lsp.start({
name = 'bash-language-server',
cmd = { 'bash-language-server', 'start' },
})
end,
})
For NeoVim using autozimu/LanguageClient-neovim, add the following configuration to
init.vim
:
let g:LanguageClient_serverCommands = {
\ 'sh': ['bash-language-server', 'start']
\ }
For Vim8/NeoVim v0.5 using jayli/vim-easycomplete. Execute :InstallLspServer sh
and config nothing. Maybe it's the easiest way to use bash-language-server in vim/nvim.
On the config file (File -> Preferences -> Edit Oni config
) add the following configuration:
"language.bash.languageServer.command": "bash-language-server",
"language.bash.languageServer.arguments": ["start"],
Lsp-mode has a built-in client, can be installed by use-package
.
Add the configuration to your .emacs.d/init.el
(use-package lsp-mode
:commands lsp
:hook
(sh-mode . lsp))
The minimum logging level for the server can be adjusted using the BASH_IDE_LOG_LEVEL
environment variable
and through the general workspace configuration.
Please see docs/development-guide for more information.
FAQs
A language server for Bash
The npm package bash-language-server receives a total of 6,149 weekly downloads. As such, bash-language-server popularity was classified as popular.
We found that bash-language-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.