Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
child-process-ext
Advanced tools
The child-process-ext package is a Node.js module that extends the core 'child_process' module with additional functionality and convenience methods. It simplifies working with child processes in Node.js by providing enhanced features for spawning, executing, and managing child processes.
Spawn with Promises
This feature allows you to spawn a child process and work with it using promises, making it easier to handle the asynchronous nature of child process execution. The example shows how to list the contents of the '/usr' directory.
const { spawn } = require('child-process-ext');
async function runCommand() {
try {
const result = await spawn('ls', ['-lh', '/usr']);
console.log(`stdout: ${result.stdout}`);
} catch (error) {
console.error(`Error: ${error.message}`);
}
}
runCommand();
Execute with Enhanced Output Handling
This feature simplifies executing a command and directly handling its output. It enhances the default 'exec' by providing a more straightforward way to access stdout and stderr. The example demonstrates checking the Node.js version installed.
const { exec } = require('child-process-ext');
async function executeCommand() {
try {
const { stdout, stderr } = await exec('node -v');
console.log(`Node Version: ${stdout}`);
} catch (error) {
console.error(`Error: ${stderr}`);
}
}
executeCommand();
Execa is a popular npm package that provides a better interface for executing child processes. It supports both promise and async/await syntax, similar to child-process-ext, but with additional features like automatic escaping of arguments and more detailed process result information.
Cross-spawn is another npm package that aims to solve cross-platform issues when using child_process.spawn(). While child-process-ext enhances functionality with promises and better output handling, cross-spawn focuses on ensuring consistent behavior of spawned processes across different operating systems.
child_process
extensionsnpm install child-process-ext
spawn(command[, args[, options]])
Cross system compliant spawn
(backed by cross-spawn
).
Works exactly same way as node's spawn
with difference that promise is returned that resolves once process exits.
Following properties are exposed on return promise:
child
- child processstdout
- stdout stream (decorated so it can also be used as promise)stderr
- stderr stream (decorated so it can also be used as promise)std
- Merged stdout & stderr stream (decorated so it can also be used as promise)stdoutBuffer
- Buffer that exposes so far written stdout
stderrBuffer
- Buffer that exposes so far written stderrr
stdBuffer
- Buffer that exposes so far written std
Promise resolves with object with three properties:
code
- Exit code of a child processignal
- Signal that terminated the processstdoutBuffer
- Buffer containing gathered stdout
contentstderrBuffer
- Buffer containing gathered stderr
contentstdBuffer
- Buffer containing gathered stderr
contentIf process exits with non zero code, then promise is rejected with an error exposing same properties as above
bool
(default: false
)Whether stdout data should be split by lines. If set to true
, then stdout
and stderr
on promise expose mappers of original stdout
and stderr
that emit each line with distinct data
event
bool
(default: false
)Whether stdin should be closed. Applicable for spawned processes where stdin
is set to other than 'inherit'
mode, and underlying processes is reading from stdin
. Not providing any stdin
output, may produce stall if process logic waits for an input.
See: get-stdin#13 for more information
npm test
FAQs
Extensions to Node.js child_process module
We found that child-process-ext demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.