Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
npm-which
Advanced tools
Readme
Use npm-which
to locate executables which may be installed in the
local 'node_modules/.bin', or in a parent 'node_modules/.bin' directory.
npm-which
runs in the context of an npm lifecycle script with its npm-modified PATH.
i.e. if you install a module that has an executable script using npm install, that module's executable will be picked up by npm-which
from anywhere in the ./node_modules tree.
> npm install -g npm-which
npm-which
will find executables relative to the cwd you supply.
The cwd is required in order to be explicit and reduce confusion when
things that should be found are not.
var which = require('npm-which')(process.cwd()) // remember to supply cwd
which('tape', function(err, pathToTape) {
if (err) return console.error(err.message)
console.log(pathToTape) // /Users/.../node_modules/.bin/tape
})
var which = require('npm-which')(__dirname) // __dirname often good enough
var pathToTape = which.sync('tape')
console.log(pathToTape) // /Users/.../node_modules/.bin/tape
Both async and sync versions take an optional options object:
options.env
if you wish to use something other than process.env
(the default)options.cwd
to supply the cwd as a named argument. Mainly for semi-backwards compatibility with npm-which 1.0.0.which('tape', {cwd: '/some/other/path'}, function() {
// ...
})
> npm-which tape
/Users/timoxley/Projects/npm-which/node_modules/.bin/tape
This is the equivalent of running an npm script with the body: which tape
.
# unless something is installed in a node_modules
# npm-which and which(1) will have the same output:
> which tape
/usr/local/bin/tape
> npm-which tape
/usr/local/bin/tape
# install tape local to current dir
# tape includes an executable 'tape'
> npm install tape
> ./node_modules/.bin/tape && echo 'found'
found
# vanilla which(1) still finds global tape
> which tape
/usr/local/bin/tape
# npm-which finds locally installed tape :)
> npm-which tape
/Users/timoxley/Projects/npm-which/node_modules/.bin/tape
npm bin
is very slow; it has to wait for all of npm to boot up – this often takes longer than the actual script you want to execute!npm bin
returns the location of the ./node_modules/.bin
directory, but it does not take into account being called within the context of another module, also, npm slow.MIT
FAQs
Locate a program or locally installed node module's executable
The npm package npm-which receives a total of 432,326 weekly downloads. As such, npm-which popularity was classified as popular.
We found that npm-which demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.