Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
gulp-shell
Advanced tools
A handy command line interface for gulp
npm install --save-dev gulp-shell
const gulp = require('gulp')
const shell = require('gulp-shell')
gulp.task('example', () => {
return gulp
.src('*.js', { read: false })
.pipe(shell(['echo <%= file.path %>']))
})
Or you can use this shorthand:
gulp.task('greet', shell.task('echo Hello, World!'))
You can find more examples in the gulpfile of this project.
WARNING: Running commands like is considered as an anti-pattern. PLEASE DON'T DO THAT ANYMORE.gulp.src('').pipe(shell('whatever'))
type: string
or Array<string>
A command can be a template which can be interpolated by some file info (e.g. file.path
).
WARNING: Using command templates can be extremely dangerous. Don't shoot yourself in the foot by passing arguments like .$(rm -rf $HOME)
type: string
default: process.cwd()
Sets the current working directory for the command. This can be a template which can be interpolated by some file info (e.g. file.path
).
type: object
By default, all the commands will be executed in an environment with all the variables in process.env
and PATH
prepended by ./node_modules/.bin
(allowing you to run executables in your Node's dependencies).
You can override any environment variables with this option.
For example, setting it to { PATH: process.env.PATH }
will reset the PATH
if the default one brings your some troubles.
type: string
default: /bin/sh
on UNIX, and cmd.exe
on Windows
Change it to bash
if you like.
type: boolean
default: false
By default, it will print the command output.
type: boolean
default: false
Set to true
to print the command(s) to stdout as they are executed
type: boolean
default: false
By default, it will emit an error
event when the command finishes unsuccessfully.
type: string
default: Command `<%= command %>` failed with exit code <%= error.code %>
You can add a custom error message for when the command fails.
This can be a template which can be interpolated with the current command
, some file info (e.g. file.path
) and some error info (e.g. error.code
).
type: object
The data that can be accessed in template.
Details changes for each release are documented in the release notes.
FAQs
A handy command line interface for gulp
We found that gulp-shell demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.