Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
NodeJS package that gives a simplier API to npm install (programatically installs things)
npm@^2
npm@^3
npm@^5
:warning: Be advised that
npm
in itsv5+
will symlink local modules from the destination directory to the actual module directory instead of "installing" them old-school style (which is a breaking change regarding the previous npm versions)
Type: String
Optional: true
If you don't specify a name
in options, but just a path
, npmi will do the same as if you were at this path in a terminal and executing npm install
Otherwise, it will install the module specified by this name like npm install module-name
does.
Type: String
Optional: true
Default 'latest'
Desired version for installation
Type: String
Optional: true
Default '.'
Desired location for installation (note that if you specified /some/foo/path, npm will automatically create a node_modules
sub-folder at this location, resulting in /some/foo/path/node_modules
). So don't specify the node_modules
part in your path
Type: Boolean
Optional: true
Default false
If true, npmi will install options.name
module even though it has already been installed.
If false, npmi will check if the module is already installed, if it is, it will also check if the installed version is equal to options.version
, otherwise, it will install options.name@options.version
Type: Boolean
Optional: true
Default false
Allows npmi to install local module that are not on npm registry. If, you want to install a local module by specifying its full path in options.name
, you need to set this to true
.
Type: Object
Optional: true
Default {loglevel: 'silent'}
This object is given to npm and allows you to do some fine-grained npm configurations.
It is processed by npm like command-line arguments but within an Object map (npm-config)
var npmi = require('npmi');
var path = require('path');
console.log(npmi.NPM_VERSION); // prints the installed npm version used by npmi
var options = {
name: 'your-module', // your module name
version: '0.0.1', // expected version [default: 'latest']
path: '.', // installation path [default: '.']
forceInstall: false, // force install if set to true (even if already installed, it will do a reinstall) [default: false]
npmLoad: { // npm.load(options, callback): this is the "options" given to npm.load()
loglevel: 'silent' // [default: {loglevel: 'silent'}]
}
};
npmi(options, function (err, result) {
if (err) {
if (err.code === npmi.LOAD_ERR) console.log('npm load error');
else if (err.code === npmi.INSTALL_ERR) console.log('npm install error');
return console.log(err.message);
}
// installed
console.log(options.name+'@'+options.version+' installed successfully in '+path.resolve(options.path));
});
This work has been done in the context of the HEADS Project
FAQs
Gives a simplier API to npm install (programatically installs stuffs)
The npm package npmi receives a total of 5,963 weekly downloads. As such, npmi popularity was classified as popular.
We found that npmi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.