The optimist npm package is a command-line option parser for Node.js. It allows developers to parse arguments passed to their Node.js applications and use them as options within the application. It provides a simple and fluent API to define and access command-line arguments.
Option Parsing
This feature allows the parsing of command-line arguments. In the code sample, optimist is used to parse the 'name' argument from the command line and print a greeting message.
const argv = require('optimist').argv;
console.log('Hello, ' + argv.name + '!');
Default Values
This feature allows setting default values for command-line arguments. In the code sample, if the 'name' argument is not provided, it defaults to 'World'.
const argv = require('optimist').default('name', 'World').argv;
console.log('Hello, ' + argv.name + '!');
Demand Options
This feature makes certain command-line arguments mandatory. In the code sample, the 'name' argument is required, and the script will not run without it.
const argv = require('optimist').demand(['name']).argv;
console.log('Hello, ' + argv.name + '!');
Usage Messages
This feature allows developers to provide usage messages for their command-line applications. In the code sample, a usage message is defined to guide the user on how to run the script.
const argv = require('optimist').usage('Usage: $0 --name [name]').argv;
console.log('Hello, ' + argv.name + '!');
Boolean Flags
This feature allows the definition of boolean flags. In the code sample, a 'verbose' flag is defined, which can be turned on or off.
const argv = require('optimist').boolean('verbose').argv;
console.log('Verbose mode is ' + (argv.verbose ? 'on' : 'off'));
Yargs is a modern and feature-rich command-line argument parser that has succeeded optimist. It offers similar functionalities but with additional features like command chaining, advanced parsing, and automatic help generation.
Commander is another popular npm package for command-line interfaces. It provides a high-level API for defining commands, options, and subcommands, making it more suitable for complex CLI applications compared to optimist.
Minimist is a minimalistic command-line argument parser. It is more lightweight than optimist and focuses on simplicity and performance, with fewer features and a smaller footprint.
Argparse is a node.js version of the Python argument parsing library. It offers a rich set of features for argument parsing, including subcommands and nested parsers, making it a powerful alternative to optimist.
I don't want to maintain this module anymore since I just use minimist, the argument parsing engine, directly instead nowadays.
See yargs for the modern, pirate-themed successor to optimist.
You should also consider nomnom.
Optimist is a node.js library for option parsing for people who hate option parsing. More specifically, this module is for people who like all the --bells and -whistlz of program usage but think optstrings are a waste of time.
With optimist, option parsing doesn't have to suck (as much).
xup.js:
#!/usr/bin/env node
var argv = require('optimist').argv;
if (argv.rif - 5 * argv.xup > 7.138) {
    console.log('Buy more riffiwobbles');
}
else {
    console.log('Sell the xupptumblers');
}
$ ./xup.js --rif=55 --xup=9.52
Buy more riffiwobbles
$ ./xup.js --rif 12 --xup 8.1
Sell the xupptumblers
short.js:
#!/usr/bin/env node
var argv = require('optimist').argv;
console.log('(%d,%d)', argv.x, argv.y);
$ ./short.js -x 10 -y 21
(10,21)
bool.js:
#!/usr/bin/env node
var argv = require('optimist').argv;
if (argv.s) {
    // util.print() no longer exists in current Node.js; write to stdout without a newline
    process.stdout.write(argv.fr ? 'Le chat dit: ' : 'The cat says: ');
}
console.log(
    (argv.fr ? 'miaou' : 'meow') + (argv.p ? '.' : '')
);
$ ./bool.js -s
The cat says: meow
$ ./bool.js -sp
The cat says: meow.
$ ./bool.js -sp --fr
Le chat dit: miaou.
argv._
nonopt.js:
#!/usr/bin/env node
var argv = require('optimist').argv;
console.log('(%d,%d)', argv.x, argv.y);
console.log(argv._);
$ ./nonopt.js -x 6.82 -y 3.35 moo
(6.82,3.35)
[ 'moo' ]
$ ./nonopt.js foo -x 0.54 bar -y 1.12 baz
(0.54,1.12)
[ 'foo', 'bar', 'baz' ]
divide.js:
#!/usr/bin/env node
var argv = require('optimist')
    .usage('Usage: $0 -x [num] -y [num]')
    .demand(['x','y'])
    .argv;
console.log(argv.x / argv.y);
$ ./divide.js -x 55 -y 11
5
$ node ./divide.js -x 4.91 -z 2.51
Usage: node ./divide.js -x [num] -y [num]
Options:
-x [required]
-y [required]
Missing required arguments: y
default_singles.js:
#!/usr/bin/env node
var argv = require('optimist')
    .default('x', 10)
    .default('y', 10)
    .argv
;
console.log(argv.x + argv.y);
$ ./default_singles.js -x 5
15
default_hash.js:
#!/usr/bin/env node
var argv = require('optimist')
    .default({ x : 10, y : 10 })
    .argv
;
console.log(argv.x + argv.y);
$ ./default_hash.js -y 7
17
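boolean_single.js:
#!/usr/bin/env node
var argv = require('optimist')
    .boolean('v')
    .argv
;
// Print the flag and the non-option arguments separately, matching the output below
console.dir(argv.v);
console.dir(argv._);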
$ ./boolean_single.js -v foo bar baz
true
[ 'bar', 'baz', 'foo' ]
boolean_double.js:
#!/usr/bin/env node
var argv = require('optimist')
    .boolean(['x','y','z'])
    .argv
;
console.dir([ argv.x, argv.y, argv.z ]);
console.dir(argv._);
$ ./boolean_double.js -x -z one two three
[ true, false, true ]
[ 'one', 'two', 'three' ]
You can describe parameters for help messages and set aliases. Optimist figures out how to format a handy help string automatically.
line_count.js:
#!/usr/bin/env node
var argv = require('optimist')
    .usage('Count the lines in a file.\nUsage: $0')
    .demand('f')
    .alias('f', 'file')
    .describe('f', 'Load a file')
    .argv
;
var fs = require('fs');
var s = fs.createReadStream(argv.file);
var lines = 0;
s.on('data', function (buf) {
    lines += (buf.toString().match(/\n/g) || []).length; // match() is null when a chunk has no newline
});
s.on('end', function () {
    console.log(lines);
});
$ node line_count.js
Count the lines in a file.
Usage: node ./line_count.js
Options:
-f, --file Load a file [required]
Missing required arguments: f
$ node line_count.js --file line_count.js
20
$ node line_count.js -f line_count.js
20
By itself, require('optimist').argv will use the process.argv array to construct the argv object.
You can pass in the process.argv yourself:
require('optimist')([ '-x', '1', '-y', '2' ]).argv
or use .parse() to do the same thing:
require('optimist').parse([ '-x', '1', '-y', '2' ])
The rest of these methods below come in just before the terminating .argv.
Set key names as equivalent such that updates to a key will propagate to aliases and vice-versa.
Optionally .alias() can take an object that maps keys to aliases.
Set argv[key] to value if no option was specified on process.argv.
Optionally .default() can take an object that maps keys to default values.
If key is a string, show the usage information and exit if key wasn't specified in process.argv.
If key is a number, demand at least as many non-option arguments, which show up in argv._.
If key is an Array, demand each element.
Describe a key for the generated usage information.
Optionally .describe() can take an object that maps keys to descriptions.
Instead of chaining together .alias().demand().default(), you can specify keys in opt for each of the chainable methods.
For example:
var argv = require('optimist')
    .options('f', {
        alias : 'file',
        default : '/etc/passwd',
    })
    .argv
;
is the same as
var argv = require('optimist')
    .alias('f', 'file')
    .default('f', '/etc/passwd')
    .argv
;
Optionally .options() can take an object that maps keys to opt parameters.
Set a usage message to show which commands to use. Inside message, the string $0 will get interpolated to the current script name or node command for the present script similar to how $0 works in bash or perl.
Check that certain conditions are met in the provided arguments.
If fn throws or returns false, show the thrown error, usage information, and exit.
Interpret key as a boolean. If a non-flag option follows key in process.argv, that string won't get set as the value of key.
If key never shows up as a flag in process.argv, argv[key] will be false.
If key is an Array, interpret all the elements as booleans.
Tell the parser logic not to interpret key as a number or boolean.
This can be useful if you need to preserve leading zeros in an input.
If key is an Array, interpret all the elements as strings.
Format usage output to wrap at columns many columns.
Return the generated usage string.
Print the usage data using fn for printing.
Parse args instead of process.argv. Returns the argv object.
Get the arguments as a plain old object.
Arguments without a corresponding flag show up in the argv._ array.
The script name or node command is available at argv.$0 similarly to how $0 works in bash or perl.
Use -- to stop parsing flags and stuff the remainder into argv._.
$ node examples/reflect.js -a 1 -b 2 -- -c 3 -d 4
{ _: [ '-c', '3', '-d', '4' ],
'$0': 'node ./examples/reflect.js',
a: 1,
b: 2 }
If you want to explicitly set a field to false instead of just leaving it undefined or to override a default you can do --no-key.
$ node examples/reflect.js -a --no-b
{ _: [],
'$0': 'node ./examples/reflect.js',
a: true,
b: false }
Every argument that looks like a number (!isNaN(Number(arg))) is converted to one. This way you can just net.createConnection(argv.port) and you can add numbers out of argv with + without having that mean concatenation, which is super frustrating.
If you specify a flag multiple times it will get turned into an array containing all the values in order.
$ node examples/reflect.js -x 5 -x 8 -x 0
{ _: [],
'$0': 'node ./examples/reflect.js',
x: [ 5, 8, 0 ] }
When you use dots (.s) in argument names, an implicit object path is assumed. This lets you organize arguments into nested objects.
$ node examples/reflect.js --foo.bar.baz=33 --foo.quux=5
{ _: [],
'$0': 'node ./examples/reflect.js',
foo: { bar: { baz: 33 }, quux: 5 } }
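Numeric coercion, repeated flags becoming arrays, and dotted names becoming nested objects all mean a parsed option is not guaranteed to be the scalar a script expects. The following is an added example, not part of the optimist README or code base: a type check shaped for .check(fn), where the schema, the function names and the sample objects are assumptions constructed for illustration.

```javascript
// Added example, not optimist's code. SCHEMA, kindOf, checkArgv and
// checkOrThrow are hypothetical names; the sample objects are constructed
// in the shape of the reflect.js outputs shown above.
const SCHEMA = { port: 'number', user: 'string', verbose: 'boolean' };

// typeof, but distinguishing the arrays that repeated flags produce.
function kindOf(value) {
  if (Array.isArray(value)) return 'array';
  return value === null ? 'null' : typeof value;
}

// Returns a list of problems; an empty list means argv matches the schema.
function checkArgv(argv, schema) {
  const problems = [];
  for (const key of Object.keys(argv)) {
    if (key === '_' || key === '$0') continue; // positional args, script name
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      problems.push('unexpected option: ' + key);
    } else if (kindOf(argv[key]) !== schema[key]) {
      problems.push(key + ': expected ' + schema[key] + ', got ' + kindOf(argv[key]));
    }
  }
  return problems;
}

// Shape expected by .check(fn): throwing shows the error and usage, then exits.
function checkOrThrow(argv) {
  const problems = checkArgv(argv, SCHEMA);
  if (problems.length > 0) throw new Error(problems.join('; '));
  return true;
}

// Constructed samples: the parsed result for each command line, following
// the parsing rules described above.
const samples = {
  ok:       { _: [], $0: 'node ./app.js', port: 8080, user: 'alice', verbose: true },
  repeated: { _: [], $0: 'node ./app.js', port: [8080, 22] },        // --port 8080 --port 22
  coerced:  { _: [], $0: 'node ./app.js', user: 7 },                 // --user 007
  dotted:   { _: [], $0: 'node ./app.js', user: { role: 'admin' } }, // --user.role=admin
  extra:    { _: [], $0: 'node ./app.js', debug: true }              // --debug
};

for (const name of Object.keys(samples)) {
  console.log(name, checkArgv(samples[name], SCHEMA));
}
```

Wire it in with require('optimist').string('user').check(checkOrThrow).argv so that 007 stays a string as typed; any alias you declare needs its own schema entry, because aliased keys are mirrored in argv.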
Short numeric head -n5 style arguments work too:
$ node reflect.js -n123 -m456
{ '3': true,
'6': true,
_: [],
'$0': 'node ./reflect.js',
n: 123,
m: 456 }
With npm, just do: npm install optimist
or clone this project on github:
git clone http://github.com/substack/node-optimist.git
To run the tests with expresso, just do:
expresso
This module is loosely inspired by Perl's Getopt::Casual.
FAQs
Light-weight option parsing with an argv hash. No optstrings attached.
We found that optimist demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.