Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
đ¨ Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis â
Package was removed
Sorry, it seems this package was removed from the registry
csnpm-cli
- cli for csnpm-server
- NOT compatible with npm, MUST be used with csnpm-server
install
- npm install csnpm-cli2 -g
if no server
- wget https://<dnload-server-domain-hostname>/package/tgz?name=csnpm-cli&version=1.0.7 -o csnpm-cli.tgz
init install
scp <user@scp-domain-hostname>://upload/csnpm-cli.tar csnpm-cli.tar
tar -zxf csnpm-cli.tar
rm csnpm-cli.tar
cd csnpm-cli/csnpm-cli
npm install . -g
usage
csnpm login|publish|search|install|dnload [options]
Usage: [options]
Options:
-u, --uname <username>:<password>
-n, --pkg_name pkg nameto be installed
-p, --path install path
-t, --ptrn search ptrn
-s, --url server url
-v, --version version
-o, --offset offset for search,default 0
-l, --limit limit for search, default 1024
-i, --info_only get info only when install, default false
-d, --depby_only get dependanted by info only when install, default false
-N, --bynpm_if_not_found try to find from npm if NOT find from csnpm
-h, --help usage
example
.csnpm-ignore
module.exports = (rel_path/*ç¸ĺŻščŚĺŽčŁ
ç饚çŽç衯ĺž*/) => {
if(rel_path.includes("node_modules")) {
return(true)
} else {
return(false)
}
}
login , only need do ăJUST-ONE-TIMEă
- login -s <server-base-url> -u <username>:<password>
- csnpm is for local/vpn using , so it using a weak password
# csnpm login -s http://192.168.1.146:28084 -u admin:admin
{
uname: 'admin:admin',
url: 'http://192.168.1.146:28084',
utoken: '8f6001375908a74e39980b221277e49acad31ddacc7469ad8822c341c5861f31d5b8677f'
}
search
- csnpm search -t <search-text-ptrn> -o <offset =0> -l <limit=1024>
# csnpm search -t pg
csnpm install pg 8.11.3 PostgreSQL client - pure javascript & libpq with the same API
csnpm install pg-pool 3.6.1 Connection pool for node-postgres
csnpm install pg-int8 1.0.1 64-bit big-endian signed integer-to-string conversion
csnpm install pg-types 4.0.1 Query result type converters for node-postgres
csnpm install pg-numeric 1.0.2 reads PostgreSQL binary format for numeric values into a string
csnpm install pg-protocol 1.6.0 The postgres client/server binary protocol, implemented in TypeScript
csnpm install pgpass 1.0.5 Module for reading .pgpass
csnpm install pg-connection-string 2.6.2 Functions for dealing with a PostgresSQL connection string
install info
- csnpm install -i -n pg # only get install info but NOT do install: dependant-on
- csnpm install -d -n pg # only get install info but NOT do install: dependanted-by
- RtrnType {[<pkgname>+<semver>]: [<pkgname>, <internal-version>, <semver>]}
- it maybe SLOW IF packaghe NOT exists in local-server: it will try to find and download it FROM npm
root@dev:/home/CSNPM-TEST# csnpm install -i -n pg
{
'pg::8.11.3': [
'pgpass::1.0.5',
'pg-pool::3.6.1',
'pg-types::2.2.0',
'pg-protocol::1.6.0',
'buffer-writer::2.0.0',
'packet-reader::1.0.0',
'pg-connection-string::2.6.2'
],
'pgpass::1.0.5': [ 'split2::4.2.0' ],
'pg-types::2.2.0': [
'pg-int8::1.0.1',
'postgres-date::1.0.7',
'postgres-array::2.0.0',
'postgres-bytea::1.0.0',
'postgres-interval::1.2.0'
],
'postgres-interval::1.2.0': [ 'xtend::4.0.2' ],
'pg-pool::3.6.1': null,
'pg-protocol::1.6.0': null,
'buffer-writer::2.0.0': null,
'packet-reader::1.0.0': null,
'pg-connection-string::2.6.2': null,
'split2::4.2.0': null,
'pg-int8::1.0.1': null,
'postgres-date::1.0.7': null,
'postgres-array::2.0.0': null,
'postgres-bytea::1.0.0': null,
'xtend::4.0.2': null
}
root@dev:/home/CSNPM-TEST# csnpm install -d -n pg
DepCache {
'pg::8.11.3': [ 'pg', '8.11.3', null ],
'pgpass::1.0.5': [ 'pgpass', '1.0.5', 'pg::8.11.3' ],
'pg-pool::3.6.1': [ 'pg-pool', '3.6.1', 'pg::8.11.3' ],
'pg-types::2.2.0': [ 'pg-types', '2.2.0', 'pg::8.11.3' ],
'pg-protocol::1.6.0': [ 'pg-protocol', '1.6.0', 'pg::8.11.3' ],
'buffer-writer::2.0.0': [ 'buffer-writer', '2.0.0', 'pg::8.11.3' ],
'packet-reader::1.0.0': [ 'packet-reader', '1.0.0', 'pg::8.11.3' ],
'pg-connection-string::2.6.2': [ 'pg-connection-string', '2.6.2', 'pg::8.11.3' ],
'split2::4.2.0': [ 'split2', '4.2.0', 'pgpass::1.0.5' ],
'pg-int8::1.0.1': [ 'pg-int8', '1.0.1', 'pg-types::2.2.0' ],
'postgres-date::1.0.7': [ 'postgres-date', '1.0.7', 'pg-types::2.2.0' ],
'postgres-array::2.0.0': [ 'postgres-array', '2.0.0', 'pg-types::2.2.0' ],
'postgres-bytea::1.0.0': [ 'postgres-bytea', '1.0.0', 'pg-types::2.2.0' ],
'postgres-interval::1.2.0': [ 'postgres-interval', '1.2.0', 'pg-types::2.2.0' ],
'xtend::4.0.2': [ 'xtend', '4.0.2', 'postgres-interval::1.2.0' ]
}
install
- csnpm install -n pg # install in current dir
- csnpm install -n pg -p <install-to-path> # install in specific dir
- RtrnType {workdir:<String>, before_already_installed:Array<EleType>, success_newly_installed:Array<EleType>, fail_to_install:Array<EleType>}
- EleType {pkgnm:<String>, version:<semver>,already_installed:<Boolean>,new_installed:<Boolean>,installed_dir:<PathString>}
# cd /home/CSNPM-TEST
# csnpm install -n pg
{
workdir: '/home/CSNPM-TEST',
before_already_installed: [],
success_newly_installed: [
{
pkgnm: 'pg',
version: '8.11.3',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/pg'
},
{
pkgnm: 'pgpass',
version: '1.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/pgpass'
},
{
pkgnm: 'pg-pool',
version: '3.6.1',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/pg-pool'
},
{
pkgnm: 'pg-types',
version: '2.1.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/pg-types'
},
{
pkgnm: 'pg-protocol',
version: '1.6.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/pg-protocol'
},
{
pkgnm: 'buffer-writer',
version: '2.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/buffer-writer'
},
{
pkgnm: 'packet-reader',
version: '1.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/packet-reader'
},
{
pkgnm: 'pg-connection-string',
version: '2.6.2',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/pg-connection-string'
},
{
pkgnm: 'split',
version: '1.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/split'
},
{
pkgnm: 'pg-int8',
version: '1.0.1',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/pg-int8'
},
{
pkgnm: 'postgres-date',
version: '1.0.4',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/postgres-date'
},
{
pkgnm: 'postgres-array',
version: '2.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/postgres-array'
},
{
pkgnm: 'postgres-bytea',
version: '1.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/postgres-bytea'
},
{
pkgnm: 'postgres-interval',
version: '1.1.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/postgres-interval'
},
{
pkgnm: 'through',
version: '2.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/through'
},
{
pkgnm: 'xtend',
version: '4.0.0',
already_installed: true,
new_installed: true,
installed_dir: '/home/CSNPM-TEST/node_modules/xtend'
}
],
fail_to_install: []
}
publish
- csnpm publish # default current dir
- csnpm publish -p <path>
#npm version patch
#csnpm publish
success
and then you can check the install info using ăcsnpm install -i -n ă before install
# csnpm install -i -n "csnpm-cli"
{
'csnpm-cli1.0.5': [ 'csnpm-cli', '4294967301', '1.0.5' ],
'nvison1.0.28': [ 'nvison', '4294967324', '1.0.28' ],
'semver7.5.4': [ 'semver', '30065098756', '7.5.4' ],
....
'nv-string-basic1.0.21': [ 'nv-string-basic', '4294967317', '1.0.21' ]
}
dnload JUST DOWNLOAD a EXACT -n <pkgname> -v <semver>
- csnpm dnload -n <pkgname> -v <version> #default download to current dir
- csnpm dnload -n <pkgname> -v <version> -p <download-to-path>
# csnpm dnload -n obuf -v 1.0.0
success download to /home/CSNPM-TEST/obuf-1.0.0.tgz
# ls -l
total 4
-rw-r--r-- 1 root root 2824 Jan 7 04:10 obuf-1.0.0.tgz
deploy server
Usage: csnpm_deploy_server [options]
Options:
-p, --install_path install_path,default ./
-i, --pg_ip postgres ip,default 127.0.0.1
-r, --redis_ip redis ip,default 127.0.0.1
-R, --redis_db redis dbnum, default 2
-f, --filepath storage path, default /home/data/csnpm
-P, --port web port,default 28084
-c, --enable_console enable log, default false
-h, --help usage
csnpm publish as nest dir
#for test only
Usage: csnpm_publish_as_nest_dir [options]
Options:
-p, --from_path publish_from,default ./
-h, --help usage
LICENSE
- ISC
FAQs
csnpm-cli2 ==========
The npm package csnpm-cli2 receives a total of 0 weekly downloads. As such, csnpm-cli2 popularity was classified as not popular.
We found that csnpm-cli2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 13 Jan 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: whatâs affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025