The 'commist' npm package is a command-line argument parser that helps in managing and dispatching commands in a CLI application. It allows you to define commands and their respective handlers, making it easier to build complex command-line tools.
Command Registration
This feature allows you to register a command and its handler. In this example, the 'hello' command is registered, and when invoked, it prints 'Hello, world!' to the console.
const commist = require('commist')();
commist.register('hello', () => {
  console.log('Hello, world!');
});
commist.parse(process.argv.slice(2));
Subcommand Handling
This feature allows you to handle subcommands within a command. In this example, the 'greet' command can handle 'morning' and 'evening' subcommands, printing different messages accordingly.
const commist = require('commist')();
commist.register('greet', (args) => {
  if (args[0] === 'morning') {
    console.log('Good morning!');
  } else if (args[0] === 'evening') {
    console.log('Good evening!');
  } else {
    console.log('Hello!');
  }
});
commist.parse(process.argv.slice(2));
Default Command
This feature allows you to define a default command that will be executed if no other command matches. In this example, a default command is registered to print a message.
const commist = require('commist')();
commist.register('default', () => {
  console.log('This is the default command.');
});
commist.parse(process.argv.slice(2));
Commander is a popular command-line interface (CLI) library for Node.js. It provides a comprehensive solution for parsing command-line arguments and managing commands. Compared to commist, Commander offers more features such as automatic help generation, option parsing, and command aliasing.
Yargs is another powerful CLI library for Node.js that helps in building interactive command-line tools. It provides features like argument parsing, command handling, and generating help documentation. Yargs is more feature-rich compared to commist and is widely used for complex CLI applications.
Minimist is a lightweight library for parsing command-line arguments. It is simpler and more minimalistic compared to commist, focusing primarily on argument parsing without the additional command management features that commist provides.
Build command line application with multiple commands the easy way. To be used with minimist.
'use strict'
const program = require('commist')()
// minimist is used by the 'args' handler below to parse its arguments
const minimist = require('minimist')
const result = program
  .register('abcd', function (args) {
    console.log('just do', args)
  })
  .register({ command: 'restore', equals: true }, function (args) {
    console.log('restore', args)
  })
  .register('args', function (args) {
    args = minimist(args)
    console.log('just do', args)
  })
  .register('abcde code', function (args) {
    console.log('doing something', args)
  })
  .register('another command', function (args) {
    console.log('anothering', args)
  })
  .parse(process.argv.splice(2))
// parse() returns the arguments when no registered command matched
if (result) {
  console.log('no command called, args', result)
}
To handle async operations, use parseAsync instead, which lets you await the execution of registered commands.
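'use strict'
const program = require('commist')()

// executeCommand and doOtherStuff stand for the application's own async functions.
// await is only valid inside an async function in a CommonJS module, hence main().
async function main () {
  const result = await program
    .register('abcd', async function (args) {
      await executeCommand(args)
      await doOtherStuff()
    })
    .parseAsync(process.argv.splice(2))
  if (result) {
    console.log('no command called, args', result)
  }
}

main()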
When calling commist programs, you can abbreviate each word of a command down to three characters. In the above example, these are valid commands:
node example.js abc
node example.js abc cod
node example.js anot comm
Moreover, small spelling mistakes are corrected too:
node example.js abcs cod
If you want a command to match only when the input is strictly equal to it, register the command with the JSON configuration:
program.register({ command: 'restore', strict: true }, function (args) {
  console.log('restore', args)
})
If you want to limit the maximum Levenshtein distance of your commands, you can use maxDistance: 2:
// maxDistance is passed in the options object given to the commist factory
const program = require('commist')({ maxDistance: 2 })
const minimist = require('minimist')
const result = program
  .register('abcd', function (args) {
    console.log('just do', args)
  })
  .register({ command: 'restore', equals: true }, function (args) {
    console.log('restore', args)
  })
  .register('args', function (args) {
    args = minimist(args)
    console.log('just do', args)
  })
  .register('abcde code', function (args) {
    console.log('doing something', args)
  })
  .register('another command', function (args) {
    console.log('anothering', args)
  })
  .parse(process.argv.splice(2))
if (result) {
  console.log('no command called, args', result)
}
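The matching rules above decide which handler runs, so a sensitive command such as 'restore' can be reached by an abbreviation or a typo unless it is registered as strict. The following added example (not commist's own code and not from the original page) is a simplified model of those rules; the resolve and wordMatches functions, the tie-breaking rule and the sample registrations are assumptions made for illustration.

```javascript
// Simplified model of the matching rules described above (an assumption, not
// commist's source): a word matches by >=3-character prefix or by edit distance.
function levenshtein (a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j)
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]
    row[0] = i
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost)
      prev = tmp
    }
  }
  return row[b.length]
}

function wordMatches (input, word, strict, maxDistance) {
  if (strict) return input === word // strict: exact match only
  if (input.length >= 3 && word.startsWith(input)) return true // abbreviation
  return levenshtein(input, word) <= maxDistance // typo correction
}

// Returns the registered command that argv would dispatch, or null.
// The command with the most words wins; ties go to the first one registered.
function resolve (commands, argv, maxDistance = 2) {
  let best = null
  for (const { command, strict = false } of commands) {
    const words = command.split(' ')
    if (words.length > argv.length) continue
    const ok = words.every((w, i) => wordMatches(argv[i], w, strict, maxDistance))
    if (ok && (!best || words.length > best.words.length)) best = { command, words }
  }
  return best ? best.command : null
}

// Constructed registrations: the same sensitive command, loose and strict.
const loose = [{ command: 'restore' }]
const guarded = [{ command: 'restore', strict: true }]
const readme = [{ command: 'abcd' }, { command: 'abcde code' }, { command: 'another command' }]

for (const argv of [['rest'], ['restroe'], ['restore']]) {
  console.log(argv.join(' '), '| loose ->', resolve(loose, argv), '| strict ->', resolve(guarded, argv))
}
```

Running the same near-miss inputs against a CLI's real registrations shows which commands should be registered as strict or given a tighter maxDistance.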
MIT
FAQs
Build your commands on minimist!
The npm package commist receives a total of 936,586 weekly downloads. As such, commist's popularity was classified as popular.
We found that commist demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.