Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
cross-var
[](https://nodei.co/npm/cross-var/) [](https://nodei.co/npm/cross-var/)
What is cross-var?
The cross-var npm package allows you to use environment variables across different operating systems in a consistent manner. It helps in writing cross-platform scripts by normalizing the usage of environment variables.
What are cross-var's main functionalities?
Cross-Platform Environment Variables
This feature allows you to use environment variables in your npm scripts in a way that works across different operating systems. The example shows how to echo the NODE_ENV variable.
scripts: {
"start": "cross-var echo $NODE_ENV"
}Variable Substitution
This feature allows you to substitute environment variables directly in your scripts. The example shows how to include the NODE_ENV variable in a build script.
scripts: {
"build": "cross-var echo Building for $NODE_ENV"
}Other packages similar to cross-var
cross-env
The cross-env package allows you to set environment variables across platforms. Unlike cross-var, which focuses on using environment variables, cross-env is more about setting them. It is useful when you need to ensure that environment variables are set correctly across different operating systems.
env-cmd
The env-cmd package allows you to set environment variables from a file or inline. It is similar to cross-var in that it helps manage environment variables, but it offers more flexibility in terms of sourcing these variables from different locations.
cross-var
Overview
When using npm scripts it creates a lot of environment variables that are available for you to leverage when executing scripts.
If you'd like to take a look at all of the variables then you can run npm run env in your terminal.
> npm run env
npm_package_name=cross-var
npm_package_author_name=Elijah Manor
npm_package_version=1.0.0
... lots more ...
Now you can use those environment variables in your npm scripts by referencing them like the following
{
"name": "World",
"scripts": {
"//": "The following only works on Mac OS X/Linux (bash)",
"bash-script": "echo Hello $npm_package_name"
"//": "The following only works on a Windows machine",
"win-script": "echo Hello %npm_package_name%"
}
}
> npm run bash-script
Hello World
However, this won't work on Windows... because it expects the variables to be surrounded by percent signs, so we can change our script just slightly.
cross-var to the Rescue!
The goal of cross-var is to let you use one script syntax to work either on a Mac OS X/Linux (bash) or Windows. Reference the Usage documention below on how to use cross-var in your scripts.
Usage
Simple Commands
{
"version": "1.0.0",
"config": {
"port": "1337"
},
"scripts": {
"prebuild": "cross-var rimraf public/$npm_package_version",
"build:html": "cross-var jade --obj data.json src/index.jade --out public/$npm_package_version/",
"server:create": "cross-var http-server public/$npm_package_version -p $npm_package_config_port",
"server:launch": "cross-var opn http://localhost:$npm_package_config_port"
}
}
Complex Commands
{
"version": "1.0.0",
"scripts": {
"build:css": "cross-var \"node-sass src/index.scss | postcss -c .postcssrc.json | cssmin > public/$npm_package_version/index.min.css\"",
"build:js": "cross-var \"mustache data.json src/index.mustache.js | uglifyjs > public/$npm_package_version/index.min.js\"",
}
}
But What About!?!
Click on one of the following questions to reveal a detailed answer
Why don't you use `cross-env`?
`cross-env` is great for scripts that need a particular environment variable set, but isn't intended to fix cross-environment issues when using variables inside an `npm script`Why don't you use an external node file?
That is a fine solution to this problem, but if you would rather stick to straight up `npm scripts`, then this is a good solutionWhy don't you just use Windows 10 Ubuntu-based Bash shell?
Yes, if you can do that... then great! Windows 10’s version 1607 update, dubbed the “Anniversary Update”, has [intergrated a great bash shell](https://msdn.microsoft.com/en-us/commandline/wsl/about) that should allow you to run Linux software directly on Windows without any changes.However, if you want to support older Windows versions, then you might consider using cross-env or another approach to leverage environment variables in your scripts.
Keywords
FAQs
[](https://nodei.co/npm/cross-var/) [](https://nodei.co/npm/cross-var/)
The npm package cross-var receives a total of 158,891 weekly downloads. As such, cross-var popularity was classified as popular.
We found that cross-var demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Oct 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025