Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Read, Write, List and do all sorts of funky stuff to the windows registry using node.js and windows script host
Read, Write, List and do all sorts of funky stuff to the windows registry using node.js and windows script host.
No pesky native code :-)
var regedit = require('regedit')
regedit.list('HKCU\\SOFTWARE', function(err, result) {
...
})
regedit.putValue({
'HKCU\\SOFTWARE\\MyApp': {
'Company': {
value: 'Moo corp',
type: 'REG_SZ'
},
'Version': { ... }
},
'HKLM\\SOFTWARE\\MyApp2': { ... }
}, function(err) {
...
})
regedit.createKey(['HKLM\\SOFTWARE\\Moo', 'HKCU\\SOFTWARE\\Foo'], function(err) {
...
})
When launching a 32bit application in 64bit environment, some of your paths will be relative to wow6432node. Things might get a little unexpected if you try to find something you thought was in HKLM\Software when in fact it is located at HKLM\Software\wow6432node. To overcome this the arch methods were added.
Further reading here
This software uses Windows Script Host to read and write to the registry. For that purpose, it will execute .wsf
files. When packaging the app's dependencies with ASAR, node-regedit
will not be able to access the windows script files, because they are bundled in a single ASAR file. Therefore it is necessary to store the .wsf
files elsewhere, outside of the packaged asar file. You can set your custom location for the files with setExternalVBSLocation(location)
:
// Assuming the files lie in <app>/resources/my-location
const vbsDirectory = path.join(path.dirname(electron.remote.app.getPath('exe')), './resources/my-location');
regedit.setExternalVBSLocation(vbsDirectory);
Every command executes a sub process that runs vbscript code. To boost efficiency, every command supports batching.
Lists the direct content of one or more sub keys. Specify an array instead of a string to query multiple keys in the same run.
Given the command:
regedit.list(['HKCU\\SOFTWARE', 'HKLM\\SOFTWARE'], function(err, result) {
...
})
Result will be an object with the following structure:
{
'HKCU\\SOFTWARE': {
keys: [ 'Google', 'Microsoft', ... more direct sub keys ]
values: {
'valueName': {
value: '123',
type: 'REG_SZ'
}
... more direct child values of HKCU\\SOFTWARE
}
},
'HKLM\\SOFTWARE': {
keys: [ 'Google', 'Microsoft', ... more direct sub keys ]
values: {
'valueName': {
value: '123',
type: 'REG_SZ'
}
... more direct child values of HKLM\\SOFTWARE
}
}
}
In the windows registry a key may have a default value. When enumarting value names, the default value's name will be empty. This presents a minor problem when including the empty value in a set with other values since it cannot be safely named with anything but the empty string, for fear of collision with other values.
Thus, accessing the default value becomes slightly awkward:
regedit.list('path\\to\\default\\value', function (err, result) {
var defaultValue = result['path\\to\\default\\value'].values[''].value
})
For now this is how its going to be, but in the future this will probably change, possibly in a way that will effect the whole interface.
list with callback api will be deperecated and eventually removed in future versions, take a look at the streaming interface below
Same as regedit.list([String|Array], [Function]) exposes a streaming interface instead of a callback. This is useful for situations where you have a lot of data coming in and out of the list process. Eventually this will completely replace the list() with callback api
This operation will mutate the keys array
Example:
regedit.list(['HKCU\\SOFTWARE', 'HKLM\\SOFTWARE'])
.on('data', function(entry) {
console.log(entry.key)
console.log(entry.data)
})
.on('finish', function () {
console.log('list operation finished')
})
This code output will look like this:
HKCU\\SOFTWARE
{
keys: [ 'Google', 'Microsoft', ... more direct sub keys ]
values: {
'valueName': {
value: '123',
type: 'REG_SZ'
}
... more direct child values of HKCU\\SOFTWARE
}
}
HKLM\\SOFTWARE
{
keys: [ 'Google', 'Microsoft', ... more direct sub keys ]
values: {
'valueName': {
value: '123',
type: 'REG_SZ'
}
... more direct child values of HKLM\\SOFTWARE
}
}
same as regedit.list([String|Array], [Function]), only force a 32bit architecture on the registry
streaming interface, see regedit.list([String|Array])
same as list, only force a 64bit architecture on the registry
streaming interface, see regedit.list([String|Array])
same as list, only force your system architecture on the registry (select automatically between list64 and list32)
streaming interface, see regedit.list([String|Array])
Creates one or more keys in the registry This operation will mutate the keys array
Deletes one or more keys in the registry This operation will mutate the keys array
Put one or more values in the registry. The Object given to this function is almost identical to the result of regedit.list().
Here is an example:
var valuesToPut = {
'HKCU\\Software\\MySoftware': {
'myValue1': {
value: [1,2,3],
type: 'REG_BINARY'
},
'myValue2': {
value: 'aString',
type: 'REG_SZ'
}
},
'HKCU\\Software\\MySoftware\\foo': {
'myValue3': {
value: ['a', 'b', 'c']
type: 'REG_MULTI_SZ'
}
}
}
regedit.putValue(valuesToPut, function(err) {
})
Supported value types are:
When including a default value in a putValue operation, one must use the REG_DEFAULT type. Further more, the name of the value is insignificant since in the registry the default value has no name, but because of the way the node and the vb processes communicate a name must be used. Please note that the only legal value type of a default value is REG_SZ
this is a temporary solution and is subject to change in future versions
var values = {
'HKCU\\Software\\MySoftware': {
'someNameIDontCareAbout': {
value: 'Must be a string',
type: 'REG_DEFAULT'
},
'myValue2': {
value: 'aString',
type: 'REG_SZ'
}
}
}
regedit.putValue(values, function (err) {
})
For now this is how its going to be, but in the future this will probably change, possibly in a way that will effect the whole interface.
mocha -R spec
set DEBUG=regedit
deleteValue()
FAQs
Read, Write, List and do all sorts of funky stuff to the windows registry using node.js and windows script host
The npm package regedit receives a total of 58,192 weekly downloads. As such, regedit popularity was classified as popular.
We found that regedit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.