Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
keypress-prompt
Advanced tools
keypress-prompt
is a simple prompter to get a single character or digit
on the console:
$ cat character.js
var prompter = require('keypress-prompt');
prompter
.prompt('Are you crazy', ['y', 'n'])
.then(function(choice) {
console.log('choice', choice);
});
$ node character.js
Are you crazy [y, n]: n
choice n
$ cat number.js
var prompter = require('keypress-prompt');
prompter
.prompt('Number of diners', [1, 2, 3, 4, 5])
.then(function(choice) {
console.log('choice', choice);
});
$ node number.js
Number of diners [1, 2, 3, 4, 5]: 2
choice 2
Note that internally keypress-prompt
attempts to coerce the input to
the type of the provided choices. If the match is an integer, it will
return an integer so in this example, 2 is of type 'number'. It is
assumed you won't do something silly like prompt with options like
[1, '1']
. It will work just maybe not quite how you want it to.
If Ctrl-C is press at the prompt, the promise will be rejected.
fakeKeypress
is provided for use in tests. For example:
it('lowercases the input to avoid issues with case', function(done) {
var promise = prompter.prompt('Yes or no', ['y', 'n']);
prompter.fakeKeypress('N');
promise.then(
function(key) {
expect(key).toBe('n');
done();
},
function() {
expect('promise').toBe('not rejected');
done();
}
);
});
To send Ctrl-C:
fakeKeypress('c', {
name: 'c',
ctrl: true
});
FAQs
prompts with a single keypress response
We found that keypress-prompt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.