Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
sudo-prompt-alt
Advanced tools
Run a command using sudo, prompting the user with an OS dialog if necessary
Run a non-graphical terminal command using sudo
, prompting the user with a graphical OS dialog if necessary. Useful for background Node.js applications or native Electron apps that need sudo
.
sudo-prompt
provides a native OS dialog prompt on macOS, Linux and Windows.
sudo-prompt
has no external dependencies and does not require any native bindings.
npm install sudo-prompt
Note: Your command should not start with the sudo
prefix.
var sudo = require('sudo-prompt');
var options = {
name: 'Electron',
icns: '/Applications/Electron.app/Contents/Resources/Electron.icns', // (optional)
};
sudo.exec('echo hello', options,
function(error, stdout, stderr) {
if (error) throw error;
console.log('stdout: ' + stdout);
}
);
sudo-prompt
will use process.title
as options.name
if options.name
is not provided. options.name
must be alphanumeric only (spaces are supported) and at most 70 characters.
sudo-prompt
will preserve the current working directory on all platforms. Environment variables can be set explicitly using options.env
.
sudo-prompt.exec()
is different to child-process.exec()
in that no child process is returned (due to platform and permissions constraints).
On macOS, sudo-prompt
should behave just like the sudo
command in the shell. If your command does not work with the sudo
command in the shell (perhaps because it uses >
redirection to a restricted file), then it may not work with sudo-prompt
. However, it is still possible to use sudo-prompt to get a privileged shell, see this closed issue for more information.
On Linux, sudo-prompt
will use either pkexec
or kdesudo
to show the password prompt and run your command. Where possible, sudo-prompt
will try and get these to mimic sudo
. Depending on which binary is used, and due to the limitations of some binaries, the name of your program or the command itself may be displayed to your user. sudo-prompt
will not use gksudo
since gksudo
does not support concurrent prompts. Passing options.icns
is currently not supported by sudo-prompt
on Linux. Patches are welcome to add support for icons based on polkit
.
On Windows, sudo-prompt
will elevate your command using User Account Control (UAC). Passing options.name
or options.icns
is currently not supported by sudo-prompt
on Windows.
Just as you should never use sudo
to launch any graphical applications, you should never use sudo-prompt
to launch any graphical applications. Doing so could cause files in your home directory to become owned by root. sudo-prompt
is explicitly designed to launch non-graphical terminal commands. For more information, read this post.
On systems where the user has opted to have tty-tickets
enabled (most systems), each call to exec()
will result in a separate password prompt. Where tty-tickets
are disabled, subsequent calls to exec()
will still require a password prompt, even where the user's sudo
timestamp file remains valid, due to edge cases with sudo
itself, see this discussion for more information.
You should never rely on sudo-prompt
to execute your calls in order. If you need to enforce ordering of calls, then you should explicitly order your calls in your application. Where your commands are short-lived, you should always queue your calls to exec()
to make sure your user is not overloaded with password prompts.
On macOS and Linux, you can invalidate the user's sudo
timestamp file to force the prompt to appear by running the following command in your terminal:
$ sudo -k
This is from the source code repository https://github.com/jorangreef/sudo-prompt, We will continue to maintain and improve features and stability.
FAQs
Run a command using sudo, prompting the user with an OS dialog if necessary
The npm package sudo-prompt-alt receives a total of 15 weekly downloads. As such, sudo-prompt-alt popularity was classified as not popular.
We found that sudo-prompt-alt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.