Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The minimist package is a command-line argument parser that helps to convert argument strings into a structured format. It is designed to be minimalist and simple to use, focusing on parsing the options passed to a Node.js script.
Parse command-line arguments
This feature allows you to parse command-line arguments. The process.argv array is sliced to remove the first two elements (node and script path), and the remaining elements are parsed by minimist to create an object with the arguments.
const minimist = require('minimist');
const args = minimist(process.argv.slice(2));
console.log(args);
Custom argument parsing
This feature allows for custom parsing options such as specifying which arguments should be treated as strings or booleans, and setting aliases for argument names.
const minimist = require('minimist');
const args = minimist(process.argv.slice(2), {
  string: ['lang'],
  boolean: ['version'],
  alias: { v: 'version' }
});
console.log(args);
Default argument values
This feature allows you to provide default values for arguments that are not supplied on the command line.
const minimist = require('minimist');
const args = minimist(process.argv.slice(2), {
  default: { lang: 'en', debug: false }
});
console.log(args);
Yargs is a more feature-rich command-line argument parser. It provides a fluent interface for building complex argument parsing logic and includes features like command handling, help text generation, and more.
Commander is another popular npm package for parsing command-line arguments. It is more oriented towards building command-line applications with sub-commands and action handlers.
Arg is a simple argument parser with a focus on performance and small package size. It is similar to minimist but offers a different API and type-based parsing.
Meow is a wrapper around minimist that provides a higher-level interface for creating CLIs. It includes features like help text generation and input validation.
parse argument options
This module is the guts of optimist's argument parser without all the fanciful decoration.
var argv = require('minimist')(process.argv.slice(2));
console.log(argv);
$ node example/parse.js -a beep -b boop
{ _: [], a: 'beep', b: 'boop' }
$ node example/parse.js -x 3 -y 4 -n5 -abc --beep=boop foo bar baz
{
  _: ['foo', 'bar', 'baz'],
  x: 3,
  y: 4,
  n: 5,
  a: true,
  b: true,
  c: true,
  beep: 'boop'
}
Previous versions had a prototype pollution bug that could cause privilege escalation in some circumstances when handling untrusted user input.
Please use version 1.2.6 or later:
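One way to check a project against the 1.2.6 floor stated above is to scan its lockfile for every installed copy of minimist, including copies nested under other packages. This is an added example, not code from the minimist project; the sample lockfile and the package names demo-app, legacy-cli and other-tool are constructed for illustration.

```javascript
// Added example: flag every minimist copy in an npm lockfile older than 1.2.6.
const MIN_SAFE = [1, 2, 6]; // minimum version named in the README text above

// Compare a dotted version against a floor numerically.
// Pre-release and build suffixes ("-beta", "+build") are ignored.
function olderThan(version, floor) {
  const parts = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== floor[i]) return a < floor[i];
  }
  return false; // equal to the floor
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3).
// Keys are install paths, so nested copies pulled in by other packages appear too.
function findOldMinimist(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only the package named exactly "minimist", at any nesting depth.
    if (!/(^|\/)node_modules\/minimist$/.test(path)) continue;
    if (typeof meta.version !== 'string') continue;
    if (olderThan(meta.version, MIN_SAFE)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/minimist': { version: '1.2.8' },
    'node_modules/legacy-cli/node_modules/minimist': { version: '0.0.8' },
    'node_modules/other-tool/node_modules/minimist': { version: '1.2.5' },
    'node_modules/minimist-options': { version: '4.1.0' },
  },
};

for (const hit of findOldMinimist(sampleLock)) {
  console.log(`${hit.path} -> ${hit.version} (upgrade to 1.2.6 or later)`);
}
```

To run it against a real project, pass the parsed contents of package-lock.json to findOldMinimist instead of sampleLock.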
var parseArgs = require('minimist')
Return an argument object argv populated with the array arguments from args.
argv._ contains all the arguments that didn't have an option associated with them.
Numeric-looking arguments will be returned as numbers unless opts.string or opts.boolean is set for that argument name.
Any arguments after '--' will not be parsed and will end up in argv._.
options can be:
opts.string - a string or array of strings argument names to always treat as strings
opts.boolean - a boolean, string or array of strings to always treat as booleans. if true will treat all double hyphenated arguments without equal signs as boolean (e.g. affects --foo, not -f or --foo=bar)
opts.alias - an object mapping string names to strings or arrays of string argument names to use as aliases
opts.default - an object mapping string argument names to default values
opts.stopEarly - when true, populate argv._ with everything after the first non-option
opts['--'] - when true, populate argv._ with everything before the -- and argv['--'] with everything after the --. Here's an example:
> require('./')('one two three -- four five --six'.split(' '), { '--': true })
{
  _: ['one', 'two', 'three'],
  '--': ['four', 'five', '--six']
}
Note that with opts['--'] set, parsing for arguments still stops after the --.
opts.unknown - a function which is invoked with a command line parameter not defined in the opts configuration object. If the function returns false, the unknown option is not added to argv.
With npm do:
npm install minimist
MIT
v1.2.8 - 2023-02-09
FAQs
parse argument options
The npm package minimist receives a total of 56,891,474 weekly downloads. As such, minimist is classified as a popular package.
We found that minimist has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.