Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
template-copy
Advanced tools
template-copy
Tiny scaffolding engine
Like cp, but with Lodash templates
Install
npm i template-copy
Usage
const t = require('template-copy');
t('index.html templates/ ~/.config/templates/ava/ test/');
.catch((err) => {
console.log('ERR', err);
})
.then(() => {
console.log('done');
});
Description
File copy is done using Streams, with lodash.template parsing files if they
have template placeholders {{ ... }}.
Handlebars template are executed in the context of the following object:
Object.assign({}, env, opts)
// where `env` and `opts` have the following structure
{
env: {
PATH: '...',
...
},
opts: {
debug: true,
name: 'Foobar'
}
}
The templates context is a merged version of various sources, with the following order of precedence:
- opts - Command line flags as parsed by minimist
- env -
process.envvariables begining withhcp_ - prompts - Generated prompts, see below
Prompts
Handlebars templates can have any number of placeholders. Variables are either available in the context object, or automatically prompted for the user to enter a value.
Skipping a prompt is then available with --name Value.
To enable it, inquirer must be installed and available in node_modules.
npm i inquirer -D
If not installed, prompts are not generated.
JSON
JSON files are merged together with destination, if it already exists.
Related
- hcp - CLI command power by template-copy
FAQs
Tiny scaffolding engine
The npm package template-copy receives a total of 3,090 weekly downloads. As such, template-copy popularity was classified as popular.
We found that template-copy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 May 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025