
Research
/Security News
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Please check out the roadmap for upcoming features and releases. Please open Issues to provide feedback, and check the develop
branch for the latest bleeding-edge updates.
npm install colors
By popular demand, colors
now ships with two types of usages!
The super nifty way
var colors = require('colors');
console.log('hello'.green); // outputs green text
console.log('i like cake and pies'.underline.red) // outputs red underlined text
console.log('inverse the color'.inverse); // inverses the color
console.log('OMG Rainbows!'.rainbow); // rainbow
console.log('Run the trap'.trap); // Drops the bass
or a slightly less nifty way which doesn't extend String.prototype
var colors = require('colors/safe');
console.log(colors.green('hello')); // outputs green text
console.log(colors.red.underline('i like cake and pies')) // outputs red underlined text
console.log(colors.inverse('inverse the color')); // inverses the color
console.log(colors.rainbow('OMG Rainbows!')); // rainbow
console.log(colors.trap('Run the trap')); // Drops the bass
I prefer the first way. Some people seem to be afraid of extending String.prototype
and prefer the second way.
If you are writing good code you will never have an issue with the first approach. If you really don't want to touch String.prototype
, the second usage will not touch String
native object.
The package will auto-detect whether your terminal can use colors and enable/disable accordingly. When colors are disabled, the color functions do nothing. You can override this with a command-line flag:
node myapp.js --no-color
node myapp.js --color=false
node myapp.js --color
node myapp.js --color=true
node myapp.js --color=always
FORCE_COLOR=1 node myapp.js
Or in code:
var colors = require('colors');
colors.enable();
colors.disable();
var name = 'Marak';
console.log(colors.green('Hello %s'), name);
// outputs -> 'Hello Marak'
var colors = require('colors');
colors.setTheme({
silly: 'rainbow',
input: 'grey',
verbose: 'cyan',
prompt: 'grey',
info: 'green',
data: 'grey',
help: 'cyan',
warn: 'yellow',
debug: 'blue',
error: 'red'
});
// outputs red text
console.log("this is an error".error);
// outputs yellow text
console.log("this is a warning".warn);
var colors = require('colors/safe');
// set single property
var error = colors.red;
error('this is red');
// set theme
colors.setTheme({
silly: 'rainbow',
input: 'grey',
verbose: 'cyan',
prompt: 'grey',
info: 'green',
data: 'grey',
help: 'cyan',
warn: 'yellow',
debug: 'blue',
error: 'red'
});
// outputs red text
console.log(colors.error("this is an error"));
// outputs yellow text
console.log(colors.warn("this is a warning"));
var colors = require('colors');
colors.setTheme({
custom: ['red', 'underline']
});
console.log('test'.custom);
Protip: There is a secret undocumented style in colors
. If you find the style you can summon him.
Chalk is a popular npm package similar to colors. It provides a chainable API and has a cleaner syntax. Chalk is also known for being more performant and not extending String.prototype, which is considered a good practice.
cli-color is another package that offers similar functionality to colors. It provides a rich set of features for coloring and formatting terminal text. Unlike colors, cli-color does not modify the String prototype and is more modular.
ansi-colors is a lightweight alternative to colors that focuses on speed and avoiding the use of prototypes. It offers a simple API for styling terminal text using ANSI escape codes.
FAQs
get colors in your node.js console
The npm package colors receives a total of 18,202,417 weekly downloads. As such, colors popularity was classified as popular.
We found that colors demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Socket now integrates with Bun 1.3’s Security Scanner API to block risky packages at install time and enforce your organization’s policies in local dev and CI.
Research
The Socket Threat Research Team is tracking weekly intrusions into the npm registry that follow a repeatable adversarial playbook used by North Korean state-sponsored actors.