Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socketβs threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The envinfo npm package is a tool that generates information about the development environment. It can be used to report system information, software versions, and configuration details, which is particularly useful for debugging and issue reporting in software projects.
System Information
This command prints information about the system, such as OS, CPU, Memory, and Shell.
envinfo --system
Browsers
This command lists installed web browsers and their versions.
envinfo --browsers
Languages
This command shows the installed languages and their versions, like Node.js, Python, Ruby, etc.
envinfo --languages
Utilities
This command provides information about installed utilities like Git, Make, GCC, etc.
envinfo --utilities
Servers
This command reports on server software like Apache, Nginx, and IIS.
envinfo --servers
Virtualization
This command lists virtualization tools like Docker, Parallels, and VirtualBox.
envinfo --virtualization
IDEs
This command shows the installed Integrated Development Environments (IDEs) and their versions.
envinfo --ides
SDKs
This command lists the installed SDKs for platforms like iOS, Android, and .NET.
envinfo --sdks
Custom Configuration
This command allows for custom configuration to include duplicate packages in the output and the full dependency tree.
envinfo --duplicates --fullTree
The systeminformation package provides detailed information about the system hardware and software. It offers a broader range of system metrics compared to envinfo, but it does not focus on the development environment configuration.
The os package is a core Node.js module that provides basic operating system-related utility functions. It is more limited in scope compared to envinfo and does not provide information about software versions or development tools.
The which package is a simple utility to find the path of the executable files in the system. It is much more specific in functionality compared to envinfo, which provides a comprehensive report of the environment.
Please mention other relevant information such as the browser version, Node.js version, Operating System and programming language.
To use as a CLI tool, install this package globally:
npm install -g envinfo || yarn global add envinfo
Or, use without installing with npx:
npx envinfo
To use as a library in another project:
npm install envinfo || yarn add envinfo
envinfo
|| npx envinfo
System:
OS: macOS Mojave 10.14.5
CPU: (8) x64 Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz
Memory: 2.97 GB / 16.00 GB
Shell: 5.3 - /bin/zsh
Binaries:
Node: 8.16.0 - ~/.nvm/versions/node/v8.16.0/bin/node
Yarn: 1.15.2 - ~/.yarn/bin/yarn
npm: 6.9.0 - ~/.nvm/versions/node/v8.16.0/bin/npm
pnpm: 8.7.6 - /usr/local/bin/pnpm
bun: 1.0.2 - /usr/local/bin/bun
Watchman: 4.9.0 - /usr/local/bin/watchman
Managers:
Cargo: 1.31.0 - ~/.cargo/bin/cargo
CocoaPods: 1.7.3 - /usr/local/bin/pod
Composer: 1.8.6 - /usr/local/bin/composer
Gradle: 5.5 - /usr/local/bin/gradle
Homebrew: 2.1.7 - /usr/local/bin/brew
Maven: 3.6.1 - /usr/local/bin/mvn
pip2: 19.0.3 - /usr/local/bin/pip2
pip3: 19.0.2 - /usr/local/bin/pip3
RubyGems: 2.5.2.3 - /usr/bin/gem
Utilities:
CMake: 3.13.3 - /usr/local/bin/cmake
Make: 3.81 - /usr/bin/make
GCC: 10.14. - /usr/bin/gcc
Git: 2.20.0 - /usr/local/bin/git
Mercurial: 4.5.3 - /usr/bin/hg
Clang: 1001.0.46.4 - /usr/bin/clang
Subversion: 1.10.3 - /usr/bin/svn
Servers:
Apache: 2.4.34 - /usr/sbin/apachectl
Nginx: 1.13.12 - /usr/local/bin/nginx
Virtualization:
Docker: 18.09.1 - /usr/local/bin/docker
Parallels: 13.3.0 - /usr/local/bin/prlctl
VirtualBox: 5.2.20 - /usr/local/bin/vboxmanage
SDKs:
iOS SDK:
Platforms: iOS 12.2, macOS 10.14, tvOS 12.2, watchOS 5.2
Android SDK:
API Levels: 28
Build Tools: 28.0.3
System Images: android-28 | Google Play Intel x86 Atom
IDEs:
Android Studio: 3.2 AI-181.5540.7.32.5056338
Atom: 1.23.3
Emacs: 22.1.1 - /usr/bin/emacs
Nano: 2.0.6 - /usr/bin/nano
VSCode: 1.36.0 - /usr/local/bin/code
Vim: 8.0 - /usr/bin/vim
Xcode: 10.2.1/10E1001 - /usr/bin/xcodebuild
Languages:
Bash: 4.4.23 - /usr/local/bin/bash
Elixir: 1.6.2 - /usr/local/bin/elixir
Go: 1.11.1 - /usr/local/bin/go
Java: 1.8.0_192 - /usr/bin/javac
Perl: 5.18.4 - /usr/bin/perl
PHP: 7.1.23 - /usr/bin/php
Python: 2.7.16 - /usr/local/bin/python
Python3: 3.7.2 - /usr/local/bin/python3
R: 3.6.0 - /usr/local/bin/R
Ruby: 2.3.7 - /usr/bin/ruby
Rust: 1.16.0 - /Users/tabrindle/.cargo/bin/rustup
Databases:
MongoDB: 3.6.4 - /usr/local/bin/mongo
MySQL: 10.3.10 (MariaDB) - /usr/local/bin/mysql
PostgreSQL: 10.3 - /usr/local/bin/postgres
SQLite: 3.24.0 - /usr/bin/sqlite3
Browsers:
Chrome: 75.0.3770.100
Chrome Canary: 77.0.3847.0
Firefox: 68.0
Firefox Developer Edition: 69.0
Firefox Nightly: 69.0a1
Safari: 12.1.1
Safari Technology Preview: 13.0
npmPackages:
apollo-client: ^2.3.1 => 2.3.1
jest: ^22.2.1 => 22.2.1
...
react: ^16.3.2 => 16.3.2
react-apollo: ^2.1.4 => 2.1.4
run4staged: ^1.1.1 => 1.1.1
solidarity: 2.0.5 => 2.0.5
styled-components: ^3.1.6 => 3.1.6
npmGlobalPackages:
create-react-app: 1.5.2
create-react-native-app: 1.0.0
envinfo: 5.10.0
exp: 49.2.2
gatsby-cli: 1.1.52
npm: 5.6.0
react-native-cli: 2.0.1
solidarity: 2.1.0
typescript: 2.8.1
Envinfo takes a configuration object and returns a Promise that resolves a string (optionally yaml, json or markdown)
import envinfo from 'envinfo';
envinfo.run(
{
System: ['OS', 'CPU'],
Binaries: ['Node', 'Yarn', 'npm'],
Browsers: ['Chrome', 'Firefox', 'Safari'],
npmPackages: ['styled-components', 'babel-plugin-styled-components'],
},
{ json: true, showNotFound: true }
).then(env => console.log(env));
logs:
{
"System": {
"OS": "macOS High Sierra 10.13",
"CPU": "x64 Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz"
},
"Binaries": {
"Node": {
"version": "8.11.0",
"path": "~/.nvm/versions/node/v8.11.0/bin/node"
},
"Yarn": {
"version": "1.5.1",
"path": "~/.yarn/bin/yarn"
},
"npm": {
"version": "5.6.0",
"path": "~/.nvm/versions/node/v8.11.0/bin/npm"
}
},
"Browsers": {
"Chrome": {
"version": "67.0.3396.62"
},
"Firefox": {
"version": "59.0.2"
},
"Safari": {
"version": "11.0"
}
},
"npmPackages": {
"styled-components": {
"wanted": "^3.2.1",
"installed": "3.2.1"
},
"babel-plugin-styled-components": "Not Found"
}
}
All of envinfo's helpers are also exported for use. You can use envinfo as a whole, or just the parts that you need, like this:
const envinfo = require('envinfo');
// each helper returns a promise
const node = await envinfo.helpers.getNodeInfo();
// The promises resolve to an array of values: ["Name", "Version", "Path"]
// e.g. ["Node", "10.9.0", "/usr/local/bin/node"]
console.log(`Node: ${node[1]} - ${node[2]}`); // "Node: 10.9.0 - ~/.nvm/versions/node/v8.14.0/bin/node"
--system Print general system info such as OS, CPU, Memory and Shell
--browsers Get version numbers of installed web browsers
--SDKs Get platforms, build tools and SDKs of iOS and Android
--IDEs Get version numbers of installed IDEs
--languages Get version numbers of installed languages such as Java, Python, PHP, etc
--binaries Get version numbers of node, npm, watchman, etc
--npmPackages Get version numbers of locally installed npm packages - glob, string, or comma delimited list
--npmGlobalPackages Get version numbers of globally installed npm packages
--duplicates Mark duplicate npm packages inside parentheses eg. (2.1.4)
--fullTree Traverse entire node_modules dependency tree, not just top level
--markdown Print output in markdown format
--json Print output in JSON format
--console Print to console (defaults to on for CLI usage, off for programmatic usage)
envinfo is live in:
react-native info
)create-react-app --info
)npx expo-env-info
)webpack-cli info
)solidarity report
)gatsby info
)envinfo is used in the ISSUE_TEMPLATE of:
command -v
until you smash your computerMIT
PRs for additional features are welcome! Run npm run lint && npm run format
before committing.
This project came out of a PR to the React Native CLI tool - issues are reported frequently without important environment information, like Node/npm versions.
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
Info about your dev environment for debugging purposes
The npm package envinfo receives a total of 10,849,772 weekly downloads. As such, envinfo popularity was classified as popular.
We found that envinfo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socketβs threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.