Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Create UNIX-style CLI applications in Node
pee-kood - Hebrew (not Danish, although I encourage you to look that up if you want a good laugh) for "command"
Inspired by https://github.com/codegangsta/cli
$ npm install --save pikud
A CLI app built with pikud
consists of either a single command or unlimited nested commands. Each command can have its own flags. Flags are inherited from parent commands and can be overridden on the child if the child allows the same flag.
Flags are defined by a FlagSet
, which consists of any mix of StringFlag
, NumberFlag
, or BoolFlag
. See below examples.
If you set allowMultiple:true
when defining a StringFlag
or NumberFlag
, the flag will be parsed as an array rather than a single value (think Docker's -e
flag). For example:
new StringFlag('environment', {
alias:'e',
allowMultiple:true
});
$ myapp -e "foo=bar" -e "baz=bing" -e "boop=scoop"
Each command also automatically has a help flag (--help
or -h
) which will show the command's usage in a nice little table.
If a command has no sub-commands then it must have an action
. The action
takes any arguments passed via command line as well as the flags that were parsed. An action can either return a value, in which case that value will be written to the console at the end of execution, OR a Promise
. If it returns a Promise
, then pikud
will handle it asynchronously.
Actions are bound to their commands using Function.call
, so you can introspect the command or run this.help()
to display the help text.
import { Command } from 'pikud';
let main = new Command('my-app', {
action:(args, flags) => {
console.log('Doing action with args', args, 'flags', flags);
}
});
main.run(process.argv);
$ my-app arg1 arg2 arg3
import { FlagSet, StringFlag, BoolFlag, NumberFlag, Command } from 'pikud';
let main = new Command('my-app', {
flags:new FlagSet([
new StringFlag('foo', {
alias:'f',
defaultValue:'asdf',
envVar:'FOO',
description:'Which foo to use?'
}),
new BoolFlag('bar', {
alias:'b',
description:'Turn on the bar'
})
]),
action:(args, flags) => {
console.log('Doing action with args', args, 'flags', flags);
}
});
main.run(process.argv);
$ my-app -f "asdf" -b arg1 arg2 arg3
import { FlagSet, StringFlag, BoolFlag, NumberFlag, Command } from 'pikud';
let main = new Command('my-app', {
flags:new FlagSet([
new BoolFlag('foo', {
alias:'f',
description:'Turn on the foo'
}),
new BoolFlag('bar', {
alias:'b',
description:'Turn on the bar'
})
]),
subCommands:{
cmd1:new Command('cmd1', {
description:'Do command 1',
flags: new FlagSet([
new StringFlag('baz', {
alias:'z',
description:'Tell me the baz'
})
]),
action:(args, flags) => {
console.log('Doing cmd 1 with ', args, flags);
}
})
}
});
main.run(process.argv);
$ my-app -fb cmd1 --baz "This is the baz value" arg1 arg2 arg3
FAQs
Easily create command-line apps
We found that pikud demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.