Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
commander
Advanced tools
The commander npm package is a complete solution for node.js command-line interfaces. It provides a simple and flexible way to write CLI tools, allowing developers to parse command-line arguments, define commands, and automatically generate help messages.
Command parsing
This feature allows you to define options and parse command-line arguments. The code sample demonstrates how to set up a simple CLI with options for debugging, pizza size, and pizza type.
const { program } = require('commander');
program.version('0.0.1');
program
.option('-d, --debug', 'output extra debugging')
.option('-s, --small', 'small pizza size')
.option('-p, --pizza-type <type>', 'flavour of pizza');
program.parse(process.argv);
if (program.debug) console.log(program.opts());
Subcommands
Commander allows you to define subcommands for your CLI application. The code sample shows how to define three subcommands: install, search, and list, with list being the default command.
const { program } = require('commander');
program
.command('install [name]', 'install one or more packages')
.command('search [query]', 'search with optional query')
.command('list', 'list packages installed', { isDefault: true })
.parse(process.argv);
Custom help
You can customize the help output of your CLI tool. The code sample demonstrates how to change the default help option and add a custom help command.
const { program } = require('commander');
program
.helpOption('-e, --HELP', 'read more information')
.addHelpCommand('assist', 'display help for command');
program.parse(process.argv);
Action handler
Commander allows you to attach an action handler to a command. The code sample shows how to define a command that takes a required argument and attaches an action handler to it.
const { program } = require('commander');
program
.command('start <service>')
.description('start the service')
.action(function(service) {
console.log('Starting service:', service);
});
program.parse(process.argv);
Yargs is a node.js library that helps you build interactive command line tools, by parsing arguments and generating an elegant user interface. It provides a fluent API and is similar to commander but with a slightly different philosophy and syntax. Yargs offers more advanced features like command chaining and context-based help.
Meow is a simpler alternative to commander, providing a minimalistic CLI helper with argument parsing. It is less feature-rich compared to commander and yargs, but it is suitable for simpler command-line applications that do not require complex command structures.
Vorpal is a framework for building interactive CLI applications. It is inspired by commander but aims to provide an immersive command-line experience. Vorpal offers a more interactive command-line interface with features like command history and autocomplete, which are not present in commander.
Caporal is a robust framework for building command-line applications. It provides a similar feature set to commander, including argument parsing, command-specific help, and auto-completion. Caporal emphasizes validation and typed options and arguments, which can make it more suitable for applications that require strict input validation.
The complete solution for node.js command-line interfaces, inspired by Ruby's commander.
npm install commander
Commander exports a global object which is convenient for quick programs. This is used in the examples in this README for brevity.
const program = require('commander');
program.version('0.0.1');
For larger programs which may use commander in multiple ways, including unit testing, it is better to create a local Command object to use.
const commander = require('commander');
const program = new commander.Command();
program.version('0.0.1');
Options are defined with the .option()
method, also serving as documentation for the options. Each option can have a short flag (single character) and a long name, separated by a comma or space.
The options can be accessed as properties on the Command object. Multi-word options such as "--template-engine" are camel-cased, becoming program.templateEngine
etc. Multiple short flags may be combined as a single arg, for example -abc
is equivalent to -a -b -c
.
The two most used option types are a boolean flag, and an option which takes a value (declared using angle brackets). Both are undefined
unless specified on command line.
const program = require('commander');
program
.option('-d, --debug', 'output extra debugging')
.option('-s, --small', 'small pizza size')
.option('-p, --pizza-type <type>', 'flavour of pizza');
program.parse(process.argv);
if (program.debug) console.log(program.opts());
console.log('pizza details:');
if (program.small) console.log('- small pizza size');
if (program.pizzaType) console.log(`- ${program.pizzaType}`);
$ pizza-options -d
{ debug: true, small: undefined, pizzaType: undefined }
pizza details:
$ pizza-options -p
error: option '-p, --pizza-type <type>' argument missing
$ pizza-options -ds -p vegetarian
{ debug: true, small: true, pizzaType: 'vegetarian' }
pizza details:
- small pizza size
- vegetarian
$ pizza-options --pizza-type=cheese
pizza details:
- cheese
program.parse(arguments)
processes the arguments, leaving any args not consumed by the options as the program.args
array.
You can specify a default value for an option which takes a value.
const program = require('commander');
program
.option('-c, --cheese <type>', 'add the specified type of cheese', 'blue');
program.parse(process.argv);
console.log(`cheese: ${program.cheese}`);
$ pizza-options
cheese: blue
$ pizza-options --cheese stilton
cheese: stilton
You can specify a boolean option long name with a leading no-
to set the option value to false when used.
Defined alone this also makes the option true by default.
If you define --foo
first, adding --no-foo
does not change the default value from what it would
otherwise be. You can specify a default boolean value for a boolean flag and it can be overridden on command line.
const program = require('commander');
program
.option('--no-sauce', 'Remove sauce')
.option('--cheese <flavour>', 'cheese flavour', 'mozzarella')
.option('--no-cheese', 'plain with no cheese')
.parse(process.argv);
const sauceStr = program.sauce ? 'sauce' : 'no sauce';
const cheeseStr = (program.cheese === false) ? 'no cheese' : `${program.cheese} cheese`;
console.log(`You ordered a pizza with ${sauceStr} and ${cheeseStr}`);
$ pizza-options
You ordered a pizza with sauce and mozzarella cheese
$ pizza-options --sauce
error: unknown option '--sauce'
$ pizza-options --cheese=blue
You ordered a pizza with sauce and blue cheese
$ pizza-options --no-sauce --no-cheese
You ordered a pizza with no sauce and no cheese
You can specify an option which functions as a flag but may also take a value (declared using square brackets).
const program = require('commander');
program
.option('-c, --cheese [type]', 'Add cheese with optional type');
program.parse(process.argv);
if (program.cheese === undefined) console.log('no cheese');
else if (program.cheese === true) console.log('add cheese');
else console.log(`add cheese type ${program.cheese}`);
$ pizza-options
no cheese
$ pizza-options --cheese
add cheese
$ pizza-options --cheese mozzarella
add cheese type mozzarella
You may specify a function to do custom processing of option values. The callback function receives two parameters, the user specified value and the previous value for the option. It returns the new value for the option.
This allows you to coerce the option value to the desired type, or accumulate values, or do entirely custom processing.
You can optionally specify the default/starting value for the option after the function.
const program = require('commander');
function myParseInt(value, dummyPrevious) {
// parseInt takes a string and an optional radix
return parseInt(value);
}
function increaseVerbosity(dummyValue, previous) {
return previous + 1;
}
function collect(value, previous) {
return previous.concat([value]);
}
function commaSeparatedList(value, dummyPrevious) {
return value.split(',');
}
program
.option('-f, --float <number>', 'float argument', parseFloat)
.option('-i, --integer <number>', 'integer argument', myParseInt)
.option('-v, --verbose', 'verbosity that can be increased', increaseVerbosity, 0)
.option('-c, --collect <value>', 'repeatable value', collect, [])
.option('-l, --list <items>', 'comma separated list', commaSeparatedList)
;
program.parse(process.argv);
if (program.float !== undefined) console.log(`float: ${program.float}`);
if (program.integer !== undefined) console.log(`integer: ${program.integer}`);
if (program.verbose > 0) console.log(`verbosity: ${program.verbose}`);
if (program.collect.length > 0) console.log(program.collect);
if (program.list !== undefined) console.log(program.list);
$ custom -f 1e2
float: 100
$ custom --integer 2
integer: 2
$ custom -v -v -v
verbose: 3
$ custom -c a -c b -c c
[ 'a', 'b', 'c' ]
$ custom --list x,y,z
[ 'x', 'y', 'z' ]
The optional version
method adds handling for displaying the command version. The default option flags are -V
and --version
, and when present the command prints the version number and exits.
program.version('0.0.1');
$ ./examples/pizza -V
0.0.1
You may change the flags and description by passing additional parameters to the version
method, using
the same syntax for flags as the option
method. The version flags can be named anything, but a long name is required.
program.version('0.0.1', '-v, --vers', 'output the current version');
You can specify (sub)commands for your top-level command using .command
. There are two ways these can be implemented: using an action handler attached to the command, or as a separate executable file (described in more detail later). In the first parameter to .command
you specify the command name and any command arguments. The arguments may be <required>
or [optional]
, and the last argument may also be variadic...
.
For example:
// Command implemented using action handler (description is supplied separately to `.command`)
// Returns new command for configuring.
program
.command('clone <source> [destination]')
.description('clone a repository into a newly created directory')
.action((source, destination) => {
console.log('clone command called');
});
// Command implemented using separate executable file (description is second parameter to `.command`)
// Returns top-level command for adding more commands.
program
.command('start <service>', 'start named service')
.command('stop [service]', 'stop named service, or all if no name supplied');
You use .arguments
to specify the arguments for the top-level command, and for subcommands they are included in the .command
call. Angled brackets (e.g. <required>
) indicate required input. Square brackets (e.g. [optional]
) indicate optional input.
const program = require('commander');
program
.version('0.1.0')
.arguments('<cmd> [env]')
.action(function (cmd, env) {
cmdValue = cmd;
envValue = env;
});
program.parse(process.argv);
if (typeof cmdValue === 'undefined') {
console.error('no command given!');
process.exit(1);
}
console.log('command:', cmdValue);
console.log('environment:', envValue || "no environment given");
The last argument of a command can be variadic, and only the last argument. To make an argument variadic you
append ...
to the argument name. For example:
const program = require('commander');
program
.version('0.1.0')
.command('rmdir <dir> [otherDirs...]')
.action(function (dir, otherDirs) {
console.log('rmdir %s', dir);
if (otherDirs) {
otherDirs.forEach(function (oDir) {
console.log('rmdir %s', oDir);
});
}
});
program.parse(process.argv);
The variadic argument is passed to the action handler as an array. (And this also applies to program.args
.)
You can add options to a command that uses an action handler. The action handler gets passed a parameter for each argument you declared, and one additional argument which is the command object itself. This command argument has the values for the command-specific options added as properties.
const program = require('commander');
program
.command('rm <dir>')
.option('-r, --recursive', 'Remove recursively')
.action(function (dir, cmdObj) {
console.log('remove ' + dir + (cmdObj.recursive ? ' recursively' : ''))
})
program.parse(process.argv)
A command's options on the command line are validated when the command is used. Any unknown options will be reported as an error. However, if an action-based command does not define an action, then the options are not validated.
Configuration options can be passed with the call to .command()
. Specifying true
for opts.noHelp
will remove the command from the generated help output.
When .command()
is invoked with a description argument, this tells commander that you're going to use separate executables for sub-commands, much like git(1)
and other popular tools.
Commander will search the executables in the directory of the entry script (like ./examples/pm
) with the name program-subcommand
, like pm-install
, pm-search
.
You can specify a custom name with the executableFile
configuration option.
You handle the options for an executable (sub)command in the executable, and don't declare them at the top-level.
// file: ./examples/pm
const program = require('commander');
program
.version('0.1.0')
.command('install [name]', 'install one or more packages')
.command('search [query]', 'search with optional query')
.command('update', 'update installed packages', {executableFile: 'myUpdateSubCommand'})
.command('list', 'list packages installed', {isDefault: true})
.parse(process.argv);
Configuration options can be passed with the call to .command()
. Specifying true
for opts.noHelp
will remove the command from the generated help output. Specifying true
for opts.isDefault
will run the subcommand if no other subcommand is specified.
Specifying a name with executableFile
will override the default constructed name.
If the program is designed to be installed globally, make sure the executables have proper modes, like 755
.
The help information is auto-generated based on the information commander already knows about your program, so the following --help
info is for free:
$ ./examples/pizza --help
Usage: pizza [options]
An application for pizzas ordering
Options:
-V, --version output the version number
-p, --peppers Add peppers
-P, --pineapple Add pineapple
-b, --bbq Add bbq sauce
-c, --cheese <type> Add the specified type of cheese (default: "marble")
-C, --no-cheese You do not want any cheese
-h, --help output usage information
You can display arbitrary -h, --help
information
by listening for "--help". Commander will automatically
exit once you are done so that the remainder of your program
does not execute causing undesired behaviors, for example
in the following executable "stuff" will not output when
--help
is used.
#!/usr/bin/env node
const program = require('commander');
program
.version('0.1.0')
.option('-f, --foo', 'enable some foo')
.option('-b, --bar', 'enable some bar')
.option('-B, --baz', 'enable some baz');
// must be before .parse() since
// node's emit() is immediate
program.on('--help', function(){
console.log('')
console.log('Examples:');
console.log(' $ custom-help --help');
console.log(' $ custom-help -h');
});
program.parse(process.argv);
console.log('stuff');
Yields the following help output when node script-name.js -h
or node script-name.js --help
are run:
Usage: custom-help [options]
Options:
-h, --help output usage information
-V, --version output the version number
-f, --foo enable some foo
-b, --bar enable some bar
-B, --baz enable some baz
Examples:
$ custom-help --help
$ custom-help -h
These allow you to customise the usage description in the first line of the help. The name is otherwise deduced from the (full) program arguments. Given:
program
.name("my-command")
.usage("[global options] command")
The help will start with:
Usage: my-command [global options] command
Output help information without exiting. Optional callback cb allows post-processing of help text before it is displayed.
If you want to display help by default (e.g. if no command was provided), you can use something like:
const program = require('commander');
const colors = require('colors');
program
.version('0.1.0')
.command('getstream [url]', 'get stream URL')
.parse(process.argv);
if (!process.argv.slice(2).length) {
program.outputHelp(make_red);
}
function make_red(txt) {
return colors.red(txt); //display the help text in red on the console
}
Override the default help flags and description.
program
.helpOption('-e, --HELP', 'read more information');
Output help information and exit immediately. Optional callback cb allows post-processing of help text before it is displayed.
You can execute custom actions by listening to command and option events.
program.on('option:verbose', function () {
process.env.VERBOSE = this.verbose;
});
// error on unknown commands
program.on('command:*', function () {
console.error('Invalid command: %s\nSee --help for a list of available commands.', program.args.join(' '));
process.exit(1);
});
The Commander package includes its TypeScript Definition file, but also requires the node types which you need to install yourself. e.g.
npm install commander
npm install --save-dev @types/node
If you use ts-node
and git-style sub-commands written as .ts
files, you need to call your program through node to get the sub-commands called correctly. e.g.
node -r ts-node/register pm.ts
--harmony
You can enable --harmony
option in two ways:
#! /usr/bin/env node --harmony
in the sub-commands scripts. (Note Windows does not support this pattern.)--harmony
option when call the command, like node --harmony examples/pm publish
. The --harmony
option will be preserved when spawning sub-command process.If you are using the node inspector for debugging git-style executable (sub)commands using node -inspect
et al,
the inspector port is incremented by 1 for the spawned subcommand.
const program = require('commander');
program
.version('0.1.0')
.option('-C, --chdir <path>', 'change the working directory')
.option('-c, --config <path>', 'set config path. defaults to ./deploy.conf')
.option('-T, --no-tests', 'ignore test hook');
program
.command('setup [env]')
.description('run setup commands for all envs')
.option("-s, --setup_mode [mode]", "Which setup mode to use")
.action(function(env, options){
const mode = options.setup_mode || "normal";
env = env || 'all';
console.log('setup for %s env(s) with %s mode', env, mode);
});
program
.command('exec <cmd>')
.alias('ex')
.description('execute the given remote cmd')
.option("-e, --exec_mode <mode>", "Which exec mode to use")
.action(function(cmd, options){
console.log('exec "%s" using %s mode', cmd, options.exec_mode);
}).on('--help', function() {
console.log('');
console.log('Examples:');
console.log('');
console.log(' $ deploy exec sequential');
console.log(' $ deploy exec async');
});
program
.command('*')
.action(function(env){
console.log('deploying "%s"', env);
});
program.parse(process.argv);
More Demos can be found in the examples directory.
Professionally supported commander is now available
Tidelift gives software development teams a single source for purchasing and maintaining their software, with professional grade assurances from the experts who know it best, while seamlessly integrating with existing tools.
[3.0.2] (2019-09-27)
<!-- markdownlint-disable MD024 -->FAQs
the complete solution for node.js command-line programs
The npm package commander receives a total of 142,460,136 weekly downloads. As such, commander popularity was classified as popular.
We found that commander demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.