Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
An elegant child_process.spawn
. Automatically pipes stderr
and stdout
for
you in a non-blocking fashion, making it very useful with build tools and task
runners. Great async support with easy serial and parallel command execution.
stderr
and stdout
by default.stderr
and stdout
rather than blocking on command completion.$ npm install executive
No need to echo as stderr
and stdout
are piped by default.
var exec = require('executive');
exec('uglifyjs foo.js --compress --mangle > foo.min.js')
It's easy to be quiet too.
exec.quiet('uglifyjs foo.js --compress --mangle > foo.min.js')
Callbacks and promises are both supported.
exec('ls -l', function(err, stdout, stderr) {
var files = stdout.split('\n');
})
exec('ls -l').then(function(res) {
var files = res.stdout.split('\n');
})
Automatically serializes commands.
exec(['ls', 'ls', 'ls'], function(err, stdout, stderr) {
// All three ls commands are called in order.
});
exec(`
ls
ls
ls`) // Same
Want to execute your commands in parallel? No problem.
exec.parallel(['ls', 'ls', 'ls'])
Options are passed as the second argument to exec. Helper methods for
quiet
, interactive
, parallel
and sync
do what you expect.
exec('ls', {options: quiet})
and
exec.quiet('ls')
are equivalent.
false
If you need to interact with a program (your favorite text editor for instance)
or watch the output of a long running process (tail -f
), or just don't care
about checking stderr
and stdout
, set interactive
to true
:
exec.interactive('vim', function(err) {
// Edit your commit message
});
false
If you'd prefer not to pipe stdin
, stdout
, stderr
set quiet
to false
:
exec.quiet(['ls', 'ls'], function(err, stdout, stderr) {
// You can still inspect stdout, stderr of course.
});
false
Blocking version of exec. Returns {stdout, stderr}
or throws an error.
false
Uses parallel rather than serial execution of commands.
null
Force a shell to be used for command execution.
Great with cake
, grunt
, gulp
and other task runners. Even better mixed
with generator-based control flow libraries and/or ES7 async
/await
.
Complex example using shortcake
(which
provides a superset of Cake's features, including
generator/promise support):
require 'shortcake'
task 'package', 'Package project', ->
yield exec '''
mkdir -p dist/
rm -rf dist/*
'''
yield exec.parallel '''
cp manifest.json dist/
cp -rf assets/ dist/
cp -rf lib/ dist/
cp -rf views/ dist/
'''
yield exec '''
zip -r package.zip dist/
rm -rf dist/
'''
You can find more usage examples in the tests.
FAQs
Elegant command execution with built-in control flow
The npm package executive receives a total of 1,034 weekly downloads. As such, executive popularity was classified as popular.
We found that executive demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.