Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The ora npm package is a terminal spinner for Node.js applications. It provides an easy way to display a spinner in the command line interface (CLI) during the execution of long-running tasks, giving users a visual cue that processing is taking place. It is highly customizable and can be used to enhance the user experience in CLI tools.
Basic spinner
This code sample demonstrates how to create a basic spinner that starts with a message, runs for a specified duration, and then marks the operation as successful.
const ora = require('ora');
const spinner = ora('Loading unicorns').start();
setTimeout(() => {
spinner.succeed('Unicorns loaded');
}, 1000);
Customize spinner color, text, and spinner
This code sample shows how to customize the spinner's appearance by setting the color, text, and spinner design. It also demonstrates how to update these properties while the spinner is running.
const ora = require('ora');
const spinner = ora({
text: 'Loading rainbows',
color: 'magenta',
spinner: 'moon'
}).start();
setTimeout(() => {
spinner.color = 'yellow';
spinner.text = 'Loading sun';
}, 1000);
Control spinner success and failure
This code sample illustrates how to control the spinner to indicate success or failure of an operation. In this case, the spinner is stopped with a failure message.
const ora = require('ora');
const spinner = ora('Loading with great anticipation').start();
setTimeout(() => {
spinner.fail('Something went wrong');
}, 1000);
cli-spinners provides a collection of spinners for use in the terminal, similar to ora, but it does not manage the spinner state or provide methods to start, succeed, or fail. It is more of a raw collection of spinner designs.
clui is a collection of Node.js command line UI components, which includes a spinner similar to ora. However, clui offers a broader set of UI components such as gauges, progress bars, and line charts, making it more versatile for building complex CLI interfaces.
log-update is a package that allows you to log by overwriting the previous output in the terminal. While it doesn't provide a built-in spinner, it can be used to create custom spinners or other dynamic terminal interfaces by manually controlling the output rendering.
Elegant terminal spinner
$ npm install ora
const ora = require('ora');
const spinner = ora('Loading unicorns').start();
setTimeout(() => {
spinner.color = 'yellow';
spinner.text = 'Loading rainbows';
}, 1000);
If a string is provided, it is treated as a shortcut for options.text
.
Type: Object
Type: string
Text to display after the spinner.
Type: string
Text to display before the spinner.
Type: string
Object
Default: dots
Name of one of the provided spinners. See example.js
in this repo if you want to test out different spinners. On Windows, it will always use the line
spinner as the Windows command-line doesn't have proper Unicode support.
Or an object like:
{
interval: 80, // Optional
frames: ['-', '+', '-']
}
Type: string
Default: cyan
Values: black
red
green
yellow
blue
magenta
cyan
white
gray
Color of the spinner.
Type: boolean
Default: true
Set to false
to stop Ora from hiding the cursor.
Type: number
Default: 0
Indent the spinner with the given number of spaces.
Type: number
Default: Provided by the spinner or 100
Interval between each frame.
Spinners provide their own recommended interval, so you don't really need to specify this.
Type: stream.Writable
Default: process.stderr
Stream to write the output.
You could for example set this to process.stdout
instead.
Type: boolean
Force enable/disable the spinner. If not specified, the spinner will be enabled if the stream
is being run inside a TTY context (not spawned or piped) and/or not in a CI environment.
Note that {isEnabled: false}
doesn't mean it won't output anything. It just means it won't output the spinner, colors, and other ansi escape codes. It will still log text.
Start the spinner. Returns the instance. Set the current text if text
is provided.
Stop and clear the spinner. Returns the instance.
Stop the spinner, change it to a green ✔
and persist the current text, or text
if provided. Returns the instance. See the GIF below.
Stop the spinner, change it to a red ✖
and persist the current text, or text
if provided. Returns the instance. See the GIF below.
Stop the spinner, change it to a yellow ⚠
and persist the current text, or text
if provided. Returns the instance.
Stop the spinner, change it to a blue ℹ
and persist the current text, or text
if provided. Returns the instance.
A boolean of whether the instance is currently spinning.
Stop the spinner and change the symbol or text. Returns the instance. See the GIF below.
Type: Object
Type: string
Default: ' '
Symbol to replace the spinner with.
Type: string
Default: Current text
Text to be persisted after the symbol
Type: string
Default: Current prefixText
Text to be persisted before the symbol.
Clear the spinner. Returns the instance.
Manually render a new frame. Returns the instance.
Get a new frame.
Change the text after the spinner.
Change the text before the spinner.
Change the spinner color.
Change the spinner.
Change the spinner indent.
Starts a spinner for a promise. The spinner is stopped with .succeed()
if the promise fulfills or with .fail()
if it rejects. Returns the spinner instance.
Type: Promise
MIT © Sindre Sorhus
FAQs
Elegant terminal spinner
The npm package ora receives a total of 24,680,666 weekly downloads. As such, ora popularity was classified as popular.
We found that ora demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.