Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The run-node package is a utility that helps you run Node.js scripts with the correct version of Node.js. It ensures that the script is executed with the Node.js version specified in your project's configuration, such as in the .nvmrc file or the engines field in package.json.
Run Node.js script with the correct version
This feature allows you to run a Node.js script using the version of Node.js specified in your project's configuration. The command ensures that the correct version of Node.js is used, which is particularly useful in environments where multiple versions of Node.js are installed.
npx run-node script.js
Compatibility with nvm and nvm-windows
The run-node package is compatible with both nvm (Node Version Manager) and nvm-windows. This means it can automatically detect and use the Node.js version specified in the .nvmrc file, making it easier to manage Node.js versions across different environments.
npx run-node script.js
nvm (Node Version Manager) is a tool that allows you to manage multiple versions of Node.js on a single machine. It lets you switch between different versions of Node.js easily. Unlike run-node, nvm is a more comprehensive tool for managing Node.js versions, but it requires manual switching of versions.
n is another Node.js version manager that allows you to install and switch between different versions of Node.js. It is similar to nvm but has a simpler interface and fewer features. Like nvm, it does not automatically run scripts with the correct Node.js version, which is a feature provided by run-node.
Volta is a JavaScript tool manager that ensures your projects always use the correct version of Node.js and other tools. It automatically installs and runs the correct version of Node.js specified in your project's configuration. Volta provides similar functionality to run-node but also includes management for other tools like npm and yarn.
Run the Node.js binary no matter what
You can't always assume running $ node file.js
will just work. The user might have the node
binary in a non-standard location. They might be using a Node.js version manager like nvm
, which is sourced in a subshell and not available from the outside. Or they might have node
installed as a local dependency in an npm project. It also depends from where you're trying to run it. For example, GUI apps on macOS doesn't inherit the $PATH
, so the node
binary would not be found. Most projects that depend on Node.js just end up telling the user to manually set the full path to the node
binary in some project specific settings. Now every project has to do this. Ugh... I prefer things to just work. With this module it will.
This Bash script uses some tricks to find the Node.js binary on your system and run it.
Can be used from any environment that can spawn a process (Shell, Python, Ruby, Swift, Objective-C, etc).
$ npm install run-node
$ ./node_modules/.bin/run-node file.js
Or in an npm run script:
{
"start": "run-node file.js"
}
If the node
package is found in the local node_modules
directory (for instance, if you have it installed as a devDependency of your npm project), this is the node
binary that will be used.
Download the run-node file:
$ curl -sSLO https://github.com/sindresorhus/run-node/raw/master/run-node && chmod +x run-node
./run-node file.js
The cache path and error message are defined by the RUN_NODE_CACHE_PATH
and RUN_NODE_ERROR_MSG
environment variables. You could use them in a script or add them to your ~.bashrc
.
Default config:
export RUN_NODE_ERROR_MSG="Couldn't find the Node.js binary. Ensure you have Node.js installed. Open an issue on https://github.com/sindresorhus/run-node"
export RUN_NODE_CACHE_PATH="/home/username/.node_path"
If the RUN_NODE_CACHE_PATH
environment variable is defined explicitly, the script it points to will be sourced before looking for a node
binary. You can use this script to override your PATH
variable so that a specific node
binary is found.
FAQs
Run the Node.js binary no matter what
The npm package run-node receives a total of 554,710 weekly downloads. As such, run-node popularity was classified as popular.
We found that run-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.