Security News
The Changelog Podcast: Practical Steps to Stay Safe on npm
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
By Sarah Gooding -  Oct 31, 2025
🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
bin-path
bin-path gives you absolute paths to dependee modules' executable scripts.
Deprecated
This module's approach does not work for modules that do not have a 'main' in their package.json.
This is fixed in timoxley/npm-which which duplicates npm's PATH setting machinery.
Usage
// pass in require so we can resolve relative to the calling module.
var binPath = require('bin-path')(require)
binPath('tape', function(err, bin) {
if (err) return console.error(err)
console.log(bin)
// => {"tape":"/Users/timoxley/Projects/find-bin/node_modules/tape/bin/tape"}
// bin-path can also be executed syncronously:
var rimRafBin = binPath('rimraf')
console.log(rimRafBin)
// => { rimraf: '/Users/timoxley/Projects/find-bin/node_modules/rimraf/bin.js' })
})
Why
npm binwill return the location of thenode_modules/.bindirectory, but it does not take into account being called within the context of another module, this is a problem because:- You can't rely on
__dirname + '/node_modules/'actually containing your module, the module may exist higher in the hierarchy due to deduping. If the module does exist higher, thennode_modules/.binwill also be missing for your module. - Shelling out to
npm binis slow anyway; it has to wait for all of npm to boot up, and npm is a heavy dependency to include if all you want is to get a bin path. - Relying on hard paths to executables is brittle e.g. linking directly to a module's
bin/executable. Using the thebinfield inpackage.jsonallows module authors to change the path ofthe actual executable without breaking dependee modules. Finding the actual path to the executable is also a problem because of point 2 above.
How
bin-path resolves module location, and loads bin
from package.json directly, resolving to normalized, absolute paths.
Alternative Solution
Invoke your modules via npm scripts (e.g. npm start), this will set up the $PATH to find
executables correctly. This still incurs the startup time of npm though, and isn't always
practical, for example, npm scripts cannot accept commandline parameters (though you can use
environment variables largely for the same purpose).
Licence
MIT
FAQs
Get paths to module executables
We found that bin-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 May 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
By Sarah Gooding -  Oct 30, 2025
Security News
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer to Transfer All Rights to Matz
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
By Sarah Gooding -  Oct 29, 2025