Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
An easy to use wrapper around child_process.spawn
, useful for Cakefiles and the like. Pipes stdout
, stderr
and stdin
so you don't have to. Think of it as a streaming child_process.exec
with a few extra goodies.
var exec = require('executive');
exec('ls', function(err, stdout, stderr) {
// Done, no need to echo out as it's piped to stdout by default.
});
Arguments are parsed out properly for you:
var exec = require('executive');
exec('ls -AGF Foo\\ bar', function(err, stdout, stderr) {
// Note the escaped folder name.
});
Also supports simple serial execution of commands:
var exec = require('executive');
exec(['ls', 'ls', 'ls'], function(err, stdout, stderr) {
// All three ls commands are called in order.
});
In the case of a failure, no additional commands will be executed:
exec(['ls', 'aaaaa', 'ls'], function(err, stdout, stderr) {
// First command succeeds, second blows up, third is never called.
});
Commands can also be specified as a list of objects or a mix:
exec([
{
cmd: 'ls',
args: [ '-la' ]
},
'ls -la',
{
cmd: 'ls',
args: [ '-l' ]
},
])
Options may be passed as the second argument to exec and in the case of quiet
and interactive
helper functions exist.
exec('ls', {options: quiet})
and
exec.quiet('ls')
are equivalent.
false
If you need to interact with a program (your favorite text editor for instance)
or watch the output of a long running process (tail -f
), or just don't care
about checking stderr
and stdout
, set interactive
to true
:
exec.interactive('vim', function(err) {
// Edit your commit message or whatnot
});
false
If you'd prefer not to pipe stdin
, stdout
, stderr
set quiet
to false
:
exec.quiet(['ls', 'ls'], function(err, stdout, stderr) {
// Not a peep is heard, and both ls commands will be executed.
});
true
In case you need to ignore errors during serial execution it's possible to set
safe
to false
:
exec(['ls', 'aaaaaa', 'ls'], {safe: false}, function(err, stdout, stderr) {
// Both commands execute despite aaaaaa not being a valid executable.
});
The spawned child process object is accessible when you exec a single program (not available when using the simple serial execution wrapper):
var exec = require('executive');
child = exec.quiet('ls');
child.stdout.on('data', function(data) {
// Do your own thing
});
It's especially nice to use in a Cakefile:
exec = require 'executive'
task 'package', 'Package project', ->
exec '''
mkdir -p dist
rm -rf dist/*
cp manifest.json dist
cp -rf assets dist
cp -rf lib dist
cp -rf views dist
zip -r package.zip dist
rm -rf dist
'''.split '\n'
FAQs
Elegant command execution with built-in control flow
The npm package executive receives a total of 1,034 weekly downloads. As such, executive popularity was classified as popular.
We found that executive demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.