Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
better-spawn
Advanced tools
Because child_process.exec
lacks features and child_process.spawn
acts weird, better-spawn
was made.
It is a very simple wrapper around child_process.spawn
to make opening and closing work consistently in linux and windows.
Used by script-runner
npm install better-spawn
child.closed
and child.killed
are now promises.
The boolean states are now available at child.isClosed
and child.isKilled
.
spawn = require('better-spawn')
child = spawn('node', options)
Name | type | default | description |
---|---|---|---|
cwd | String | process.cwd | current working directory |
env | Object | process.env | environment variables |
env.PATH | String | process.env.PATH + ./node_modules/.bin | used to resolve commands |
stdio | See documentation | ["pipe","inherit","inherit"] | to control output |
noOut | Boolean | null | sets stdio[1] = "pipe" |
noErr | Boolean | null | sets stdio[2] = "pipe" |
windowsVerbatimArguments | Boolean | isWindows | to support windows |
detach | Boolean | !isWindows | to support killing on unix |
Promise | Function | global.Promise | supply your own Promise lib |
Name | type | description |
---|---|---|
cmd | String | cmd called |
isKilled | Boolean | is child process killed |
isClosed | Boolean | is child process closed |
killed | Promise | fulfilled when child process killed |
closed | Promise | fulfilled when child process closed |
close | Function | call to kill child process |
// pipe to shell without losing color
child = spawn('node')
// suppress normal output, but maintain err output
child = spawn('node',{noOut:true})
// set empty env (default in node)
child = spawn('node',{env: {PATH:""}})
child_process.exec
, spawns in shell but output has to be piped - color information will be lost.child_process.spawn
, doesn't spawn in shell, so it has to be done by hand (differs in linux and windows)
Main problem is, sh
won't kill its children by child.kill()
, see: node#2098cross-spawn-async
a wrapper for child_process.spawn
to support windows quirks like PATHEXT
or shebangs
not workingexeca
a wrapper for cross-spawn-async
which adds the shell logic, to behave like child_process.exec
, adds promises, modifies PATH
better-spawn
doesn't support PATHEXT
or shebangs on windows
Copyright (c) 2016 Paul Pflugradt Licensed under the MIT license.
FAQs
a better spawn
The npm package better-spawn receives a total of 14 weekly downloads. As such, better-spawn popularity was classified as not popular.
We found that better-spawn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.