Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Gluegun is a delightful toolkit for building Node-based command-line interfaces (CLIs) in TypeScript or modern JavaScript, with support for:
🌯 parameters - command-line arguments and options
🎛 template - generating files from templates
🗄 patching - manipulating file contents
💾 filesystem - moving files and directories around
⚒ system - executing other command-line scripts
🎅 http - interacting with API servers
🛎 prompt - auto-complete prompts
💃 print - printing pretty colors and tables
👩‍✈️ semver - working with semantic versioning
🎻 strings - manipulating strings & template data
📦 packageManager - installing NPM packages with Yarn or NPM
In addition, gluegun supports expanding your CLI's ecosystem with a robust set of easy-to-write plugins and extensions.
Gluegun is at a stable point and we aren't planning on building new features for it, although the community continues to send in PRs and we release them if they are performance, stability, types, or other similar enhancements. Read the Community Supported section to learn more.
Introductory YouTube video by our CTO, Jamon Holmgren: https://www.youtube.com/watch?v=_KEqXfLOSQY
You might want to use Gluegun if:
If so ... welcome!
Just run the gluegun CLI like this:
# spin up your new CLI
npx gluegun new movies
# choose TypeScript or Modern JavaScript
# now jump into the source
cd movies
# and link your new executable
yarn link
# and run it!
movies help
You should see your new CLI help. Open the folder in your favorite editor and start building your CLI!
Let's start with what a gluegun CLI looks like.
// in movie/src/cli.[js|ts]...
// ready
const { build } = require('gluegun')
// aim
const movieCLI = build('movie')
  .src(`${__dirname}/src`)
  .plugins('node_modules', { matching: 'movie-*' })
  .help()
  .version()
  .defaultCommand()
  .create()
// fire!
movieCLI.run()
Commands
Commands are simple objects that provide a name, optional aliases, and a function to run.
// in movie/src/commands/foo.js
module.exports = {
  name: 'foo',
  alias: 'f',
  run: async function (toolbox) {
    // gluegun provides all these features and more!
    const { system, print, filesystem, strings } = toolbox
    // ...and be the CLI you wish to see in the world
    const awesome = strings.trim(await system.run('whoami'))
    const moreAwesome = strings.kebabCase(`${awesome} and a keyboard`)
    const contents = `🚨 Warning! ${moreAwesome} coming thru! 🚨`
    const home = process.env['HOME']
    filesystem.write(`${home}/realtalk.json`, { contents })
    print.info(`${print.checkmark} Citius`)
    print.warning(`${print.checkmark} Altius`)
    print.success(`${print.checkmark} Fortius`)
  },
}
See the toolbox api docs for more details on what you can do.
See the runtime docs for more details on building your own CLI and join us in the #gluegun channel of the Infinite Red Community Slack (community.infinite.red) to get friendly help!
Additionally, the first versions of the AWS Amplify CLI (a CLI toolchain for simplifying serverless web and mobile development) used Gluegun. They've since integrated Gluegun's functionality into their CLI in a bespoke way, but you can still see Gluegun patterns in their CLI.
We've assembled an all-star cast of libraries to help you build your CLI.
⭐️ ejs for templating
⭐️ semver for version investigations
⭐️ fs-jetpack for the filesystem
⭐️ yargs-parser, enquirer, colors, ora and cli-table3 for the command line
⭐️ axios & apisauce for web & apis
⭐️ cosmiconfig for flexible configuration
⭐️ cross-spawn for running sub-commands
⭐️ execa for running more sub-commands
⭐️ node-which for finding executables
⭐️ pluralize for manipulating strings
Node.js 12.0+ is required.
Here are a few community CLIs based on Gluegun plus some plugins you can use. Is yours missing? Send a PR to add it!
While Gluegun is no longer actively developed by Infinite Red, it has built a community that cares deeply about it. Infinite Red won't be building new features ourselves for Gluegun, but we encourage the community to continue to send high quality pull requests. We will try to review and merge them in a timely manner.
If you're looking for alternatives, here's a list:
And of course, check out your favorite React Native Consultants, Infinite Red!
FAQs
A delightful toolkit for building Node-powered CLIs.
The npm package gluegun receives a total of 32,148 weekly downloads. As such, gluegun's popularity is classified as popular.
We found that gluegun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 17 open source maintainers collaborating on the project.