Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
bash3boilerplate
Advanced tools
When hacking up Bash scripts, there are often things such as logging or command-line argument parsing that:
Here's an attempt to bundle those things in a generalized way so that they are reusable as-is in most scripts.
We call it "BASH3 Boilerplate" or b3bp for short.
Delete-Key-Friendly. Instead of introducing packages, includes, compilers, etc., we propose using main.sh
as a base and removing the parts you don't need.
While this may feel a bit archaic at first, it is exactly the strength of Bash scripts that we should want to embrace.
Portable. We are targeting Bash 3 (OSX still ships with 3, for instance). If you are going to ask people to install Bash 4 first, you might as well pick a more advanced language as a dependency.
__file
and __dir
There are three different ways to install b3bp:
Use curl or wget to download the source and save it as your script. Then you can start deleting the unwanted bits, and adding your own logic.
wget http://bash3boilerplate.sh/main.sh
vim main.sh
Besides main.sh
, this will also get you the entire b3bp repository. This includes a few extra functions that we keep in the ./src
directory.
git clone git@github.com:kvz/bash3boilerplate.git
As of v1.0.3
, b3bp can also be installed as a Node module, meaning you can define it as a dependency in package.json
via:
npm init
npm install --save --save-exact bash3boilerplate
Even though this option introduces a Node.js dependency, it does allow for easy version pinning and distribution in environments that already have this prerequisite. This is, however, entirely optional and nothing prevents you from ignoring this possibility.
Please see the CHANGELOG.md file.
Please see the FAQ.md file.
As of v1.0.3
, b3bp offers some nice re-usable libraries in ./src
. In order to make the snippets in ./src
more useful, we recommend the following guidelines.
It is nice to have a Bash package that can not only be used in the terminal, but also invoked as a command line function. In order to achieve this, the exporting of your functionality should follow this pattern:
if [[ "${BASH_SOURCE[0]}" = "${0}" ]]; then
my_script "${@}"
exit $?
fi
export -f my_script
This allows a user to source
your script or invoke it as a script.
# Running as a script
$ ./my_script.sh some args --blah
# Sourcing the script
$ source my_script.sh
$ my_script some more args --blah
(taken from the bpkg project)
local
before every variable declaration.UPPERCASE_VARS
to indicate environment variables that can be controlled outside your script.__double_underscore_prefixed_vars
to indicate global variables that are solely controlled inside your script, with the exception of arguments that are already prefixed with arg_
, as well as functions, over which b3bp poses no restrictions.logger --priority
vs logger -p
). If you are on the CLI, abbreviations make sense for efficiency. Nevertheless, when you are writing reusable scripts, a few extra keystrokes will pay off in readability and avoid ventures into man pages in the future, either by you or your collaborators. Similarly, we prefer set -o nounset
over set -u
.if [[ "${NAME}" = "Kevin" ]]
; double or triple signs are not needed.[[ ... ]]
) rather than the old single square bracket test operator or explicit call to test
.{}
to enclose your variables. Otherwise, Bash will try to access the $ENVIRONMENT_app
variable in /srv/$ENVIRONMENT_app
, whereas you probably intended /srv/${ENVIRONMENT}_app
. Since it is easy to miss cases like this, we recommend that you make enclosing a habit.set
, rather than relying on a shebang like #!/usr/bin/env bash -e
, since that is neutralized when someone runs your script as bash yourscript.sh
.#!/usr/bin/env bash
, as it is more portable than #!/bin/bash
.${BASH_SOURCE[0]}
if you refer to current file, even if it is sourced by a parent script. In other cases, use ${0}
.:-
if you want to test variables that could be undeclared. For instance, with if [[ "${NAME:-}" = "Kevin" ]]
, $NAME
will evaluate to Kevin
if the variable is empty. The variable itself will remain unchanged. The syntax to assign a default value is ${NAME:=Kevin}
.We are looking for endorsements! Are you also using b3bp? Let us know and get listed.
Copyright (c) 2013 Kevin van Zonneveld and contributors. Licensed under MIT. You are not obligated to bundle the LICENSE file with your b3bp projects as long as you leave these references intact in the header comments of your source files.
FAQs
Copypastable templates to write better bash scripts
We found that bash3boilerplate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.