
bin-path gives you absolute paths to dependee modules' executable scripts.
This module's approach does not work for modules that do not have a 'main' in their package.json.
This is fixed in timoxley/npm-which, which duplicates npm's PATH setting machinery.
// pass in require so we can resolve relative to the calling module.
var binPath = require('bin-path')(require)

binPath('tape', function(err, bin) {
  if (err) return console.error(err)
  console.log(bin)
  // => {"tape":"/Users/timoxley/Projects/find-bin/node_modules/tape/bin/tape"}
})

// bin-path can also be executed synchronously:
var rimRafBin = binPath('rimraf')
console.log(rimRafBin)
// => { rimraf: '/Users/timoxley/Projects/find-bin/node_modules/rimraf/bin.js' }
- npm bin will return the location of the node_modules/.bin directory, but it does not take into account being called within the context of another module. This is a problem because:
  1. You cannot rely on __dirname + '/node_modules/' actually containing your module; the module may exist higher in the hierarchy due to deduping.
  2. If the module does exist higher, then node_modules/.bin will also be missing for your module.
- npm bin is slow anyway; it has to wait for all of npm to boot up, and npm is a heavy dependency to include if all you want is to get a bin path.
- You cannot rely on a module's executable living at bin/executable. Using the bin field in package.json allows module authors to change the path of the actual executable without breaking dependee modules. Finding the actual path to the executable is also a problem because of point 2 above.
- bin-path resolves module location, and loads bin from package.json directly, resolving to normalized, absolute paths.
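The resolution described above (locate the module relative to the calling module, read bin from package.json, return normalized absolute paths), as an added example that is not bin-path's own code. The function names, the constructed sample tree and the check that a bin entry stays inside its package directory are assumptions made for illustration.

```javascript
const fs = require('fs')
const os = require('os')
const path = require('path')

// Walk up from startDir looking for node_modules/<name>/package.json, the way
// Node locates packages. This also works when the package has no "main" field.
function findPackageDir(name, startDir) {
  for (let dir = path.resolve(startDir); ; dir = path.dirname(dir)) {
    const candidate = path.join(dir, 'node_modules', name)
    if (fs.existsSync(path.join(candidate, 'package.json'))) return candidate
    if (dir === path.dirname(dir)) return null // reached the filesystem root
  }
}

// Return { command: absolutePath } built from the package's "bin" field.
function resolveBins(name, startDir) {
  const pkgDir = findPackageDir(name, startDir)
  if (!pkgDir) throw new Error('module not found: ' + name)
  const pkg = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'))
  // "bin" is either a string (command = unscoped package name) or a { command: path } map.
  const bin = typeof pkg.bin === 'string' ? { [name.split('/').pop()]: pkg.bin } : (pkg.bin || {})
  const out = {}
  for (const [cmd, rel] of Object.entries(bin)) {
    const abs = path.resolve(pkgDir, rel) // normalizes "./lib/../cli.js" style entries
    // Assumed extra check: refuse entries that normalize to a path outside the package.
    if (!abs.startsWith(pkgDir + path.sep)) throw new Error('bin escapes package: ' + cmd)
    out[cmd] = abs
  }
  return out
}

// Constructed sample tree: "tool" is deduped to the top level, "evil" points outside itself.
function buildSampleTree() {
  const root = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'bins-')))
  const write = (rel, data) => {
    const file = path.join(root, rel)
    fs.mkdirSync(path.dirname(file), { recursive: true })
    fs.writeFileSync(file, data)
  }
  write('node_modules/tool/package.json', JSON.stringify({ name: 'tool', bin: './lib/../cli.js' }))
  write('node_modules/evil/package.json', JSON.stringify({ name: 'evil', bin: { evil: '../../outside.sh' } }))
  write('node_modules/app/package.json', JSON.stringify({ name: 'app' }))
  return root
}

const sampleRoot = buildSampleTree()
console.log(resolveBins('tool', path.join(sampleRoot, 'node_modules', 'app')))
```

The lookup starts in the calling module's directory (app) and still finds tool one level up, which is the deduping case from point 1.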
Invoke your modules via npm scripts (e.g. npm start); this will set up the $PATH to find executables correctly. This still incurs the startup time of npm though, and isn't always practical; for example, npm scripts cannot accept commandline parameters (though you can use environment variables largely for the same purpose).
MIT
FAQs
Get paths to module executables
The npm package bin-path receives a total of 24 weekly downloads. As such, bin-path popularity was classified as not popular.
We found that bin-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.