Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
The ci-info npm package provides information about the Continuous Integration (CI) environment that your code is running in. It can detect if the current environment is a CI server and provide details about which one it is. This is useful for adjusting the behavior of your application or scripts based on whether they are being run in a CI environment or not.
Detecting CI environment
This feature allows you to check if your code is running in a CI environment. The property 'isCI' will be true if it is, or false otherwise.
const ci = require('ci-info');
if (ci.isCI) {
console.log('The code is running in a CI environment.');
} else {
console.log('This is not a CI environment.');
}
Identifying specific CI service
This feature allows you to check for specific CI services. Each supported CI service has a corresponding property that will be true if the code is running on that service.
const ci = require('ci-info');
if (ci.TRAVIS) {
console.log('The code is running on Travis CI.');
}
Getting CI service name
This feature allows you to retrieve the name of the CI service that the code is running on, if it is running in a CI environment.
const ci = require('ci-info');
if (ci.isCI) {
console.log(`The CI service name is ${ci.name}`);
}
Similar to ci-info, is-ci is a simple package that allows you to detect if your code is running in a CI environment. However, it does not provide detailed information about which CI service is being used.
env-ci is another package that provides information about the CI environment. It offers similar functionality to ci-info, but also includes additional metadata such as branch name, build number, and commit information.
Get details about the current Continuous Integration environment.
Please open an issue if your CI server isn't properly detected :)
npm install ci-info --save
var ci = require('ci-info')
if (ci.isCI) {
console.log('The name of the CI server is:', ci.name)
} else {
console.log('This program is not running on a CI server')
}
Officially supported CI servers:
Name | Constant | isPR |
---|---|---|
Agola CI | ci.AGOLA | ✅ |
Appcircle | ci.APPCIRCLE | ✅ |
AppVeyor | ci.APPVEYOR | ✅ |
AWS CodeBuild | ci.CODEBUILD | ✅ |
Azure Pipelines | ci.AZURE_PIPELINES | ✅ |
Bamboo by Atlassian | ci.BAMBOO | 🚫 |
Bitbucket Pipelines | ci.BITBUCKET | ✅ |
Bitrise | ci.BITRISE | ✅ |
Buddy | ci.BUDDY | ✅ |
Buildkite | ci.BUILDKITE | ✅ |
CircleCI | ci.CIRCLE | ✅ |
Cirrus CI | ci.CIRRUS | ✅ |
Codefresh | ci.CODEFRESH | ✅ |
Codeship | ci.CODESHIP | 🚫 |
Drone | ci.DRONE | ✅ |
dsari | ci.DSARI | 🚫 |
Earthly CI | ci.EARTHLY | 🚫 |
Expo Application Services | ci.EAS | 🚫 |
Gerrit CI | ci.GERRIT | 🚫 |
GitHub Actions | ci.GITHUB_ACTIONS | ✅ |
GitLab CI | ci.GITLAB | ✅ |
Gitea Actions | ci.GITEA_ACTIONS | 🚫 |
GoCD | ci.GOCD | 🚫 |
Google Cloud Build | ci.GOOGLE_CLOUD_BUILD | 🚫 |
Harness CI | ci.HARNESS | 🚫 |
Heroku | ci.HEROKU | 🚫 |
Hudson | ci.HUDSON | 🚫 |
Jenkins CI | ci.JENKINS | ✅ |
LayerCI | ci.LAYERCI | ✅ |
Magnum CI | ci.MAGNUM | 🚫 |
Netlify CI | ci.NETLIFY | ✅ |
Nevercode | ci.NEVERCODE | ✅ |
Prow | ci.PROW | 🚫 |
ReleaseHub | ci.RELEASEHUB | 🚫 |
Render | ci.RENDER | ✅ |
Sail CI | ci.SAIL | ✅ |
Screwdriver | ci.SCREWDRIVER | ✅ |
Semaphore | ci.SEMAPHORE | ✅ |
Sourcehut | ci.SOURCEHUT | 🚫 |
Strider CD | ci.STRIDER | 🚫 |
TaskCluster | ci.TASKCLUSTER | 🚫 |
TeamCity by JetBrains | ci.TEAMCITY | 🚫 |
Travis CI | ci.TRAVIS | ✅ |
Vela | ci.VELA | ✅ |
Vercel | ci.VERCEL | ✅ |
Visual Studio App Center | ci.APPCENTER | 🚫 |
Woodpecker | ci.WOODPECKER | ✅ |
ci.name
Returns a string containing name of the CI server the code is running on.
If CI server is not detected, it returns null
.
Don't depend on the value of this string not to change for a specific
vendor. If you find your self writing ci.name === 'Travis CI'
, you
most likely want to use ci.TRAVIS
instead.
ci.isCI
Returns a boolean. Will be true
if the code is running on a CI server,
otherwise false
.
Some CI servers not listed here might still trigger the ci.isCI
boolean to be set to true
if they use certain vendor neutral
environment variables. In those cases ci.name
will be null
and no
vendor specific boolean will be set to true
.
ci.isPR
Returns a boolean if PR detection is supported for the current CI server. Will
be true
if a PR is being tested, otherwise false
. If PR detection is
not supported for the current CI server, the value will be null
.
ci.<VENDOR-CONSTANT>
A vendor specific boolean constant is exposed for each support CI
vendor. A constant will be true
if the code is determined to run on
the given CI server, otherwise false
.
Examples of vendor constants are ci.TRAVIS
or ci.APPVEYOR
. For a
complete list, see the support table above.
ci-info has been ported to the following languages
Language | Repository |
---|---|
Go | https://github.com/hofstadter-io/cinful |
Rust | https://github.com/sagiegurari/ci_info |
Kotlin | https://github.com/cloudflightio/ci-info |
FAQs
Get details about the current Continuous Integration environment
The npm package ci-info receives a total of 31,841,158 weekly downloads. As such, ci-info popularity was classified as popular.
We found that ci-info demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.