Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
check-node-version
Advanced tools
The check-node-version npm package is a utility that allows you to check if the current Node.js and npm versions match the specified versions. It is useful for ensuring that your development environment meets the required versions for a project.
Check Node.js version
This feature allows you to check if the current Node.js version meets the specified version requirement. In this example, it checks if the Node.js version is greater than or equal to 10.0.0.
const check = require('check-node-version');
check({ node: '>= 10.0.0' }, (error, result) => {
if (error) {
console.error(error);
return;
}
console.log(result);
});
Check npm version
This feature allows you to check if the current npm version meets the specified version requirement. In this example, it checks if the npm version is greater than or equal to 6.0.0.
const check = require('check-node-version');
check({ npm: '>= 6.0.0' }, (error, result) => {
if (error) {
console.error(error);
return;
}
console.log(result);
});
Check multiple versions
This feature allows you to check multiple version requirements at once. In this example, it checks if both the Node.js version is greater than or equal to 10.0.0 and the npm version is greater than or equal to 6.0.0.
const check = require('check-node-version');
check({ node: '>= 10.0.0', npm: '>= 6.0.0' }, (error, result) => {
if (error) {
console.error(error);
return;
}
console.log(result);
});
The engines package allows you to specify the required versions of Node.js and npm in your package.json file. It is similar to check-node-version but is more focused on defining version requirements within the package.json file rather than programmatically checking them.
The semver package is a library for parsing, validating, and comparing semantic version numbers. While it does not specifically check the current Node.js or npm versions, it can be used to implement similar functionality by comparing version strings.
The node-version-check package is another utility for checking the current Node.js version against a specified version range. It is similar to check-node-version but is more lightweight and focused solely on Node.js version checking.
Check installed versions of node
, npm
, npx
, yarn
, and pnpm
.
npm install check-node-version
SYNOPSIS
check-node-version [OPTIONS]
DESCRIPTION
check-node-version will check if the current node, npm, npx, yarn and pnpm
versions match the given semver version ranges.
If the given version is not satisfied, information about
installing the needed version is printed and the program exits
with an error code.
OPTIONS
--node VERSION
Check that the current node version matches the given semver
version range.
--npm VERSION
Check that the current npm version matches the given semver
version range.
--npx VERSION
Check that the current npx version matches the given semver
version range.
--yarn VERSION
Check that the current yarn version matches the given semver
version range.
--pnpm VERSION
Check that the current pnpm version matches the given semver
version range.
--package
Use the "engines" key in the current package.json for the
semver version ranges.
--volta
Use the versions pinned by Volta in the package.json
-p, --print
Print installed versions.
-h, --help
Print this message.
Check for node 6, but have 8.2.1 installed.
$ check-node-version --node 6
node: 8.2.1
Error: Wanted node version 6 (>=6.0.0 <7.0.0)
To install node, run `nvm install 6` or see https://nodejs.org/
$ echo $?
1
If all versions match, there is no output:
$ check-node-version --node 6
$ echo $?
0
You can check versions of any combinations of node
, npm
, npx
, yarn
, and pnpm
at one time.
$ check-node-version --node 4 --npm 2.14 --npx 6 --yarn 0.17.1 --pnpm 6.20.1
You can check versions pinned by Volta:
$ check-node-version --volta
Use the --print
option to print currently installed versions.
If given a tool to check, only that will be printed.
Otherwise, all known tools will be printed.
Notes a missing tool.
$ check-node-version --print --node 11.12
node: 11.12.0
$ echo $?
0
$ check-node-version --print
yarn: not found
node: 11.12.0
npm: 6.9.0
npx: 10.2.0
$ $LASTEXITCODE
0
NOTE: Both preceding examples show that this works equally cross-platform, the first one being a *nix shell, the second one running on Windows.
NOTE: As per Issue 36, non-semver-compliant versions (looking at yarn here) will be handled similarly to missing tools, just with a different error message.
At the time of writing, we think that
- all tools should always use semver
- exceptions are bound too be very rare
- preventing a crash is sufficient
Consequently, we do not intend to support non-compliant versions to any further extent.
.nvmrc
file$ check-node-version --node $(cat .nvmrc) --npm 2.14
npm test
{
"name": "my-package",
"devDependencies": {
"check-node-version": "^1.0.0"
},
"scripts": {
"test": "check-node-version --node '>= 4.2.3' && node my-tests.js"
}
}
This module can also be used programmatically.
Pass it an object with the required versions of node
, npm
, npx
, yarn
and/or pnpm
followed by a results handler.
const check = require("check-node-version");
check(
{ node: ">= 18.3", },
(error, result) => {
if (error) {
console.error(error);
return;
}
if (result.isSatisfied) {
console.log("All is well.");
return;
}
console.error("Some package version(s) failed!");
for (const packageName of Object.keys(result.versions)) {
if (!result.versions[packageName].isSatisfied) {
console.error(`Missing ${packageName}.`);
}
}
}
);
See index.d.ts
for the full input and output type definitions.
FAQs
Check installed versions of node and npm
We found that check-node-version demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.