Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
chokidar-cli
Advanced tools
Ultra-fast cross-platform command line utility to watch file system changes.
chokidar-cli is a command-line interface for the Chokidar file watcher library. It allows you to watch files and directories for changes and execute commands in response to those changes. This is particularly useful for automating tasks such as building, testing, or deploying code when files are modified.
Watch a directory and run a command on change
This feature allows you to watch all JavaScript files in a directory and run a specified command whenever any of those files change. In this example, the 'npm run build' command will be executed whenever a .js file is modified.
chokidar '**/*.js' -c 'npm run build'
Watch multiple directories
You can watch multiple directories and run a command when any file in those directories changes. In this example, both the 'src' and 'test' directories are being watched, and the 'npm test' command will be executed on any change.
chokidar 'src/**/*.js' 'test/**/*.js' -c 'npm test'
Ignore specific files or directories
This feature allows you to ignore specific files or directories while watching for changes. In this example, all JavaScript files are being watched except those in the 'node_modules' directory, and the 'npm run lint' command will be executed on any change.
chokidar '**/*.js' -i 'node_modules' -c 'npm run lint'
Run a command only once after multiple changes
This feature allows you to debounce the execution of a command, meaning the command will only run once after a series of changes within a specified time frame. In this example, the 'npm run build' command will be executed 500 milliseconds after the last change.
chokidar '**/*.js' -c 'npm run build' --debounce 500
Nodemon is a utility that monitors for any changes in your source and automatically restarts your server. It is primarily used for Node.js applications and offers similar file-watching capabilities but is more focused on restarting Node.js processes.
The 'watch' package is a simple, standalone file-watching utility that can execute commands when files change. It is less feature-rich compared to chokidar-cli but can be a lightweight alternative for basic file-watching tasks.
Onchange is another command-line utility for watching files and directories. It is similar to chokidar-cli in terms of functionality but offers a simpler API and fewer configuration options.
Fast cross-platform command line utility to watch file system changes.
The underlying watch library is Chokidar, which is one of the best watch utilities for Node. Chokidar is battle-tested:
It is used in brunch, gulp, karma, PM2, browserify, webpack, BrowserSync, socketstream, derby, and many others. It has proven itself in production environments.
If you need it only with npm scripts:
npm install chokidar-cli
Or globally
npm install -g chokidar-cli
Chokidar can be invoked using the chokidar
command, without the -cli
suffix.
Arguments use the form of runtime flags with string parameters, delimited by quotes. While in principal both single and double quotes are supported by chokidar-cli
, the actual command line argument parsing is dependent on the operating system and shell used; for cross-platform compatibility, use double quotes (with escaping, if necessary), as single quotes are not universally supported by all operating systems.
This is particularly important when using chokidar-cli for run scripts specified in package.json
. For maximum platform compatibility, make sure to use escaped double quotes around chokidar's parameters:
"run": {
"chokidar": "chokidar \"**/*.js\" -c \"...\""
},
By default chokidar
streams changes for all patterns to stdout:
$ chokidar "**/*.js" "**/*.less"
change:test/dir/a.js
change:test/dir/a.less
add:test/b.js
unlink:test/b.js
Each change is represented with format event:relativepath
. Possible events: add
, unlink
, addDir
, unlinkDir
, change
.
Output only relative paths on each change
$ chokidar "**/*.js" "**/*.less" | cut -d ":" -f 2-
test/dir/a.js
test/dir/a.less
test/b.js
test/b.js
Run npm run build-js whenever any .js file changes in the current work directory tree
chokidar "**/*.js" -c "npm run build-js"
Watching in network directories must use polling
chokidar "**/*.less" -c "npm run build-less" --polling
Pass the path and event details in to your custom command
chokidar "**/*.less" -c "if [ '{event}' = 'change' ]; then npm run build-less -- {path}; fi;"
Detailed help
Usage: chokidar <pattern> [<pattern>...] [options]
<pattern>:
Glob pattern to specify files to be watched.
Multiple patterns can be watched by separating patterns with spaces.
To prevent shell globbing, write pattern inside quotes.
Guide to globs: https://github.com/isaacs/node-glob#glob-primer
Options:
-c, --command Command to run after each change. Needs to be
surrounded with quotes when command contains spaces.
Instances of `{path}` or `{event}` within the command
will be replaced by the corresponding values from the
chokidar event.
-d, --debounce Debounce timeout in ms for executing command
[default: 400]
-t, --throttle Throttle timeout in ms for executing command
[default: 0]
-s, --follow-symlinks When not set, only the symlinks themselves will be
watched for changes instead of following the link
references and bubbling events through the links path
[boolean] [default: false]
-i, --ignore Pattern for files which should be ignored. Needs to be
surrounded with quotes to prevent shell globbing. The
whole relative or absolute path is tested, not just
filename. Supports glob patterns or regexes using
format: /yourmatch/i
--initial When set, command is initially run once
[boolean] [default: false]
-p, --polling Whether to use fs.watchFile(backed by polling) instead
of fs.watch. This might lead to high CPU utilization.
It is typically necessary to set this to true to
successfully watch files over a network, and it may be
necessary to successfully watch files in other non-
standard situations [boolean] [default: false]
--poll-interval Interval of file system polling. Effective when --
polling is set [default: 100]
--poll-interval-binary Interval of file system polling for binary files.
Effective when --polling is set [default: 300]
--verbose When set, output is more verbose and human readable.
[boolean] [default: false]
--silent When set, internal messages of chokidar-cli won't be
written. [boolean] [default: false]
-h, --help Show help [boolean]
-v, --version Show version number [boolean]
Examples:
chokidar "**/*.js" -c "npm run build-js" build when any .js file changes
chokidar "**/*.js" "**/*.less" output changes of .js and .less
files
MIT
FAQs
Ultra-fast cross-platform command line utility to watch file system changes.
The npm package chokidar-cli receives a total of 226,426 weekly downloads. As such, chokidar-cli popularity was classified as popular.
We found that chokidar-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.