Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
npm-run
Advanced tools
Readme
Use npm-run
to ensure you're using the same version of a package on the command-line and in package.json scripts.
Any executable available to an npm lifecycle script is available to npm-run
.
> npm install mocha # mocha installed in ./node_modules
> npm-run mocha test/* # uses locally installed mocha executable
> npm-run --help
Usage: npm-run command [...args]
Options:
--version Display version & exit.
--help Display this help & exit.
Hint: to print augmented path use:
npm-run node -p process.env.PATH
> npm install -g npm-run
The API of npm-run
basically wraps core child_process
methods (exec, spawn, etc) such that locally install package executables will be on the PATH when the command runs.
Alias of npmRun.exec.
Takes same arguments as node's exec.
npmRun.exec('mocha --debug-brk --sort', {cwd: __dirname + '/tests'}, function (err, stdout, stderr) {
// err Error or null if there was no error
// stdout Buffer|String
// stderr Buffer|String
})
Alias of npmRun.execSync
Takes same arguments as node's execSync.
var stdout = npmRun.execSync(
'mocha --debug-brk --sort',
{cwd: __dirname + '/tests'}
)
stdout // command output as Buffer|String
Takes same arguments as node's spawnSync.
var child = npmRun.spawnSync(
'mocha',
'--debug-brk --sort'.split(' '),
{cwd: __dirname + '/tests'}
)
child.stdout // stdout Buffer|String
child.stderr // stderr Buffer|String
child.status // exit code
Takes same arguments as node's spawn.
var child = npmRun.spawn(
'mocha',
'--debug-brk --sort'.split(' '),
{cwd: __dirname + '/tests'}
)
child.stdout // stdout Stream
child.stderr // stderr Stream
child.on('exit', function (code) {
code // exit code
})
Due to npm's install algorithm node_modules/.bin
is not guaranteed to contain your executable. npm-run
uses the same mechanism npm uses to locate the correct executable.
MIT
FAQs
Run executables for locally-installed packages without using ./node_modules/.bin
The npm package npm-run receives a total of 41,507 weekly downloads. As such, npm-run popularity was classified as popular.
We found that npm-run demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.