gluegunplus
GluegunPlus extends the capabilities of the original Gluegun Node.js module, empowering developers to create command-line interfaces with enhanced automation features.
Gluegun Plus provides the first steps towards developing language-agnostic and framework-agnostic CLIs. The CLI is built from a command API definition, which is currently given in a JSON file. Validation functions are also provided so that they do not have to be written independently in each command handler.
Language | Toolkit | Support |
---|---|---|
Node | Gluegun | ✔ |
Go | Cobra | ❌ |
Example config.json
```json
{
  "command1/c": {
    "description": "Command 1 Description",
    "__run": "command1Handler"
  },
  "command2/d": {
    "description": "Command 2 Description",
    "__run": { "func": "command2Handler", "args": { "a": true, "b": 4 } },
    "optional": {
      "a": "a argument supplied to command2Handler",
      "b": {
        "description": "b argument",
        "type": "int",
        "range": { "min": 1, "max": 10 },
        "default": 1
      }
    },
    "required": {
      "c": "A required arg"
    }
  },
  "command3": {
    "description": "Command 3 Description",
    "command4/d": {
      "description": "Command 4 Description",
      "__run": { "func": "command4Handler", "args": { "a": true, "b": 4 } },
      "optional": {
        "a": "a argument supplied to command4Handler",
        "b": {
          "description": "b argument",
          "type": "int",
          "range": { "min": 1, "max": 10 },
          "default": 1
        }
      },
      "required": {
        "c": "A required arg"
      }
    }
  }
}
```
The commands have a hierarchical structure. For example:
```
sample command1
sample command2
sample command3 command4
```
Each command/sub-command has the following sections:
Section | Description |
---|---|
command/alias | The command and its alias, in the format cli rootcommand --subcommand1 --subcommandOfSubcommand1 ... --arg1 value. Commands and subcommands have an optional alias. They form the first part of the CLI args supplied, and they are supplied as args without a value. The command and the alias do the same thing, e.g. cli command1 is the same as cli c. Due to the hierarchical structure, arguments are processed in the order in which they are supplied, so the following two examples result in the execution of different functions: 1. cli c -c -d -c 1 and 2. cli c -d -e -c 1. The args after the root command arg are, in order, the subcommands in the hierarchy. The last subcommand has a "__run" object. |
__run | This gives the name, and optionally the arguments, to be supplied to the function to be run for this command. The name can be given either as a string, or in an object in the format: {"description": "", "type": "", "range": {"min":1, "max":10}} |
description | String which gives the description of the command. |
optional | Optional args to be supplied for the command. Supplied in either the format: { "arg": "description" } or { "arg": { "description": "", ...type configuration } } |
An int type can be configured with a range object, which optionally has a min and max value.

A text type can be configured with a length object. The value for a length object is either an integer for a fixed-length string, or an object with a min and max value.
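The int/range and text/length rules described above, as an added example rather than gluegunplus's own code: the function names, the return shape and the sample text argument `t` are assumptions. The integer check is deliberately strict, so a value such as `4abc`, which `parseInt` would accept as 4, is rejected.

```javascript
// Validate one raw CLI value against a type configuration of the shape shown
// in config.json. Returns { ok: true, value } or { ok: false, error }.
function validateArg(name, spec, raw) {
  // A plain string spec is only a description: accept the value untyped.
  if (typeof spec === 'string') return { ok: true, value: raw };
  if (raw === undefined) return { ok: true, value: spec.default };
  if (spec.type === 'int') {
    // Strict match: parseInt would silently accept "4abc" or "0x10".
    if (!/^-?\d+$/.test(String(raw))) return { ok: false, error: `${name}: not an integer` };
    const n = Number(raw);
    const { min = -Infinity, max = Infinity } = spec.range || {};
    if (!Number.isSafeInteger(n) || n < min || n > max) return { ok: false, error: `${name}: out of range` };
    return { ok: true, value: n };
  }
  if (spec.type === 'text') {
    const s = String(raw);
    // length is either a fixed integer or an object with min and max.
    const { min = 0, max = Infinity } =
      typeof spec.length === 'number' ? { min: spec.length, max: spec.length } : spec.length || {};
    if (s.length < min || s.length > max) return { ok: false, error: `${name}: bad length` };
    return { ok: true, value: s };
  }
  return { ok: true, value: raw }; // unknown type: passed through unchanged
}

// Check a command node's "optional" and "required" sections against supplied args.
function validateCommand(node, supplied) {
  const values = {}, errors = [];
  const required = node.required || {};
  for (const [name, spec] of Object.entries({ ...node.optional, ...required })) {
    if (name in required && supplied[name] === undefined) { errors.push(`${name}: required`); continue; }
    const r = validateArg(name, spec, supplied[name]);
    if (r.ok) values[name] = r.value; else errors.push(r.error);
  }
  return { ok: errors.length === 0, values, errors };
}

// Constructed sample node: "command2/d" from the example config.json plus a
// hypothetical text argument "t" to exercise the length rule.
const SAMPLE = {
  optional: {
    a: 'a argument supplied to command2Handler',
    b: { description: 'b argument', type: 'int', range: { min: 1, max: 10 }, default: 1 },
    t: { description: 'tag', type: 'text', length: { min: 2, max: 5 } },
  },
  required: { c: 'A required arg' },
};
```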
You can either use the GitHub repo as a template, or create a gluegun project using:

```
npx gluegun new projectName
cd projectName
npm link
```

and then run the following from the projectName directory:

```
npx gluegunplus init
```

This modifies the gluegun directory by creating root/config/commands.json with a sample commands file// the file to run...

After writing the extension, you can create the corresponding files using:

```
npx gluegunplus update
npm install chalk@4.1.0
```
See LICENSE
FAQs
We found that gluegunplus demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.