Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The mri npm package is a lightweight option parsing library. It allows for easy parsing of command-line options, providing a simple API to access command-line arguments in a structured way. It's designed for performance and simplicity, making it a great choice for projects that require basic yet efficient argument parsing without the overhead of more complex libraries.
Basic Option Parsing
This code demonstrates how to parse command-line arguments using mri. It slices the process.argv array to ignore the first two entries (node path and script path), then parses the remaining arguments into an options object.
const mri = require('mri');
const args = process.argv.slice(2);
const options = mri(args);
console.log(options);
Specifying Option Types
This example shows how to specify the types of options (boolean, string) and aliases for them. This helps in parsing the command-line arguments more accurately according to the expected types and aliases.
const mri = require('mri');
const args = process.argv.slice(2);
const cliOptions = {
  boolean: ['help', 'version'],
  string: ['output'],
  alias: { h: 'help', v: 'version', o: 'output' }
};
const options = mri(args, cliOptions);
console.log(options);
Yargs is a more feature-rich command-line option parsing library compared to mri. It offers advanced features like command handling, automatic help generation, and more detailed option configurations. While mri focuses on simplicity and performance, yargs provides a broader set of functionalities for complex CLI applications.
Commander is another popular option parsing library that provides a high-level API for creating command-line interfaces. It supports subcommands, custom help, auto-completion, and more. Compared to mri, Commander is suited for more complex CLI applications that require structured commands and options.
Minimist is a minimalist option parsing library similar to mri in terms of simplicity and performance. It provides basic parsing capabilities with a focus on minimal overhead. While mri and minimist share similar goals, mri offers a slightly more modern API and additional features like option type specification.
Quickly scan for CLI flags and arguments
This is a fast and lightweight alternative to minimist and yargs-parser.
It only exists because I find that I usually don't need most of what minimist and yargs-parser have to offer. However, mri is similar enough that it might function as a "drop-in replacement" for you, too!
See Comparisons for more info.
$ npm install --save mri
$ demo-cli --foo --bar=baz -mtv -- hello world
const mri = require('mri');
const argv = process.argv.slice(2);
mri(argv);
//=> { _: ['hello', 'world'], foo:true, bar:'baz', m:true, t:true, v:true }
mri(argv, { boolean:['bar'] });
//=> { _: ['baz', 'hello', 'world'], foo:true, bar:true, m:true, t:true, v:true }
mri(argv, {
  alias: {
    b: 'bar',
    foo: ['f', 'fuz']
  }
});
//=> { _: ['hello', 'world'], foo:true, f:true, fuz:true, b:'baz', bar:'baz', m:true, t:true, v:true }
mri(args, options)
Return: Object
args
Type: Array
Default: []
An array of arguments to parse. For CLI usage, send process.argv.slice(2). See process.argv for info.
options.alias
Type: Object
Default: {}
An object of keys whose values are Strings or Array<String> of aliases. These will be added to the parsed output with matching values.
options.boolean
Type: Array|String
Default: []
A single key (or array of keys) that should be parsed as Booleans.
options.default
Type: Object
Default: {}
A key:value object of defaults. If a default is provided for a key, its type (typeof) will be used to cast parsed arguments.
mri(['--foo', 'bar']);
//=> { _:[], foo:'bar' }
mri(['--foo', 'bar'], {
  default: { foo:true, baz:'hello', bat:42 }
});
//=> { _:['bar'], foo:true, baz:'hello', bat:42 }
Note: Because --foo has a default of true, its output is cast to a Boolean. This means that foo=true, making 'bar' an extra argument (_ key).
options.string
Type: Array|String
Default: []
A single key (or array of keys) that should be parsed as Strings.
options.unknown
Type: Function
Default: undefined
Callback that is run when a parsed flag has not been defined as a known key or alias. Its only parameter is the unknown flag itself; e.g. --foobar or -f.
Once an unknown flag is encountered, parsing will terminate, regardless of your return value.
Note: mri only checks for unknown flags if options.unknown and options.alias are populated. Otherwise, everything will be accepted.
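Because everything is accepted unless both options.unknown and options.alias are set, a CLI that cares about unexpected flags can enforce an allowlist on the parsed object itself. The following is an added example, not code from the mri README or project; SPEC, validateParsed and the sample objects are hypothetical and constructed for illustration.

```javascript
// Added example: post-parse allowlist and type check for an mri-style result.
// SPEC, validateParsed and the sample inputs are constructed, not from mri.

// Allowed flags: expected typeof plus aliases (the parser copies values to aliases).
const SPEC = {
  help:    { type: 'boolean', alias: ['h'] },
  version: { type: 'boolean', alias: ['v'] },
  output:  { type: 'string',  alias: ['o'] },
};

function validateParsed(parsed, spec) {
  // Map every accepted key (name or alias) to its canonical flag name.
  const known = new Map();
  for (const [name, rule] of Object.entries(spec)) {
    known.set(name, name);
    for (const a of rule.alias || []) known.set(a, name);
  }
  const errors = [];
  // Positional arguments live under the "_" key; keep them as strings.
  const clean = { _: Array.isArray(parsed._) ? parsed._.map(String) : [] };
  for (const key of Object.keys(parsed)) {
    if (key === '_') continue;
    const name = known.get(key);
    if (name === undefined) { errors.push(`unknown flag: ${key}`); continue; }
    const value = parsed[key];
    if (typeof value !== spec[name].type) {
      errors.push(`flag ${key}: expected ${spec[name].type}, got ${typeof value}`);
      continue;
    }
    clean[name] = value; // keep only the canonical name, drop alias copies
  }
  return { ok: errors.length === 0, errors, options: clean };
}

// Constructed inputs shaped like the parser output shown on this page.
const good = { _: ['in.txt'], o: 'out.txt', output: 'out.txt', h: true, help: true };
const bad  = { _: [], output: true, foo: true, m: true };

console.log(validateParsed(good, SPEC)); // ok: true, aliases collapsed
console.log(validateParsed(bad, SPEC));  // ok: false, three errors listed
// In a real CLI the first argument would be the parser's return value,
// e.g. the object produced from process.argv.slice(2).
```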
Comparisons
minimist
mri is 5x faster (see benchmarks)
Numbers when possible
opts.boolean or opts.string
Booleans by default:
minimist(['-abc', 'hello']);
//=> { _:[], a:'', b:'', c:'hello' }
mri(['-abc', 'hello']);
//=> { _:[], a:true, b:true, c:'hello' }
opts.unknown behaves differently:
minimist, mri will not continue parsing after encountering an unknown flag
options:
opts.stopEarly
opts['--']
\n) within args (see test)
yargs-parser
mri is 40x faster (see benchmarks)
Numbers when possible
opts.boolean or opts.string
options:
opts.array
opts.config
opts.coerce
opts.count
opts.envPrefix
opts.narg
opts.normalize
opts.configuration
opts.number
opts['--']
parser.detailed() method
options.unknown feature
Benchmarks
Running Node.js v10.13.0
Load Times:
nopt 3.179ms
yargs-parser 2.137ms
minimist 0.746ms
mri 0.517ms
Benchmark:
minimist x 328,747 ops/sec ±1.09% (89 runs sampled)
mri x 1,622,801 ops/sec ±0.94% (92 runs sampled)
nopt x 888,223 ops/sec ±0.22% (92 runs sampled)
yargs-parser x 30,538 ops/sec ±0.81% (91 runs sampled)
MIT © Luke Edwards
FAQs
Quickly scan for CLI flags and arguments
We found that mri demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.