Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
inquander
Inquirer for commander. If no arguments and options are passed to your commander app, it runs inquirer.
inquander
Inquirer for commander. This module takes two awesome modules and connects them.
If no arguments and options are passed to your commander app, it runs inquirer. For all commands, arguments and options defined in your commander app.
If you call your module with arguments it acts like a normal commander tool.
But if you call it without any arguments or commands it will parse your definitions and runs it using inquirer.
Usage
Instead of calling program.parse you need to call inquander.parse.
var program = require('commander'),
inquander = require('inquander');
program
.command('hello [name]')
.action(function(name) {
console.log('Hello', name);
});
program
.command('pay [creditcard]')
.action(function(creditcard) {
console.log('Please come again.');
console.log(creditcard);
});
inquander.parse(program, process.argv);
Options
Message and Default Command
The root message and default command options define the inquirer root behavior:
inquander.parse(program, process.argv, {
message: 'Little Caesar\'s Pizza Ordering',
defaultCommand: 'pay'
});
Type Overrides
The commander api doesn't identify special types (password, list, editor, etc). So to specify field types specifically for inquirer, use the overrides option:
inquander.parse(program, process.argv, {
overrides: {
'creditcard': {
type: 'password'
},
'pickup': {
type: 'checkbox',
choices: ['one', 'two']
}
}
});
Hidden Fields
To hide a field from the interactive view, use the hidden option:
inquander.parse(program, process.argv, {
hidden: ['notininquirer']
});
For more examples take a look into the example folder.
Advanced
Run Command
Inquander.runCommand(command, forceInteractive) allows you to manually trigger a generated
command.
Detecting Interactive Mode
To enable different behavior for interactive and non-interactive modes,
inquander defines a flag in program.usingInquirer which indicates
whether inquander is using inquirer or commander.
Promises in Overrides
One can also pass Promises in for any value inside of the overrides object, for instance:
``Javascript inquander.parse(program, process.argv, { overrides: { 'creditcard': { type: 'password' }, 'pickup': { type: 'checkbox', choices: Promise.resolve(['one','two']) } } });
FAQs
Inquirer for commander. If no arguments and options are passed to your commander app, it runs inquirer.
We found that inquander demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 14 Jun 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025