A minimal package for executing commands
This package was created to provide a minimal way of interacting with child processes without having to manually deal with streams, piping, etc.
$ npm i -S tinyexec
A process can be spawned and awaited like so:
import {x} from 'tinyexec';
const result = await x('ls', ['-l']);
// result.stdout - the stdout as a string
// result.stderr - the stderr as a string
// result.exitCode - the process exit code as a number
By default, tinyexec does not throw on non‑zero exit codes. Check result.exitCode or pass {throwOnError: true}.
Output is returned exactly as produced; trailing newlines are not trimmed. If you need trimming, do it explicitly:
const clean = result.stdout.replace(/\r?\n$/, '');
You may also iterate over the lines of output via an async loop:
import {x} from 'tinyexec';
const proc = x('ls', ['-l']);
for await (const line of proc) {
// line will be from stderr/stdout in the order you'd see it in a term
}
Options can be passed to have finer control over spawning of the process:
await x('ls', [], {
timeout: 1000
});
The options object can have the following properties:
signal - an AbortSignal to allow aborting of the executiontimeout - time in milliseconds at which the process will be forcibly killedpersist - if true, the process will continue after the host exitsstdin - string or another Result that will be used as the input to the processnodeOptions - any valid options to node's underlying spawn functionthrowOnError - if true, non-zero exit codes will throw an errornodePath - if false, node_modules/.bin directories and the current node executable's directory will not be prepended to PATH (defaults to true)You can pass a string to stdin, which is useful for whitespace-sensitive values and for secrets that shouldn’t be exposed in shell history:
const result = await x('gh', ['auth', 'login', '--with-token'], {
stdin: process.env.GITHUB_TOKEN
});
console.log(result.exitCode);
You can pipe a process to another via the pipe method:
const proc1 = x('ls', ['-l']);
const proc2 = proc1.pipe('grep', ['.js']);
const result = await proc2;
console.log(result.stdout);
pipe takes the same options as a regular execution. For example, you can
pass a timeout to the pipe call:
proc1.pipe('grep', ['.js'], {
timeout: 2000
});
You can kill the process via the kill method:
const proc = x('ls');
proc.kill();
// or with a signal
proc.kill('SIGHUP');
By default, node's available binaries from node_modules will be accessible
in your command.
For example, in a repo which has eslint installed:
await x('eslint', ['.']);
In this example, eslint will come from the locally installed node_modules.
If you'd rather not have node_modules/.bin (or the directory of the current
node executable) prepended to PATH, pass nodePath: false:
await x('eslint', ['.'], {nodePath: false});
An abort signal can be passed to a process in order to abort it at a later
time. This will result in the process being killed and aborted being set
to true.
const aborter = new AbortController();
const proc = x('node', ['./foo.mjs'], {
signal: aborter.signal
});
// elsewhere...
aborter.abort();
await proc;
proc.aborted; // true
proc.killed; // true
If you need to continue supporting commands as strings (e.g. "command arg0 arg1"), you can use args-tokenizer, a lightweight library for parsing shell command strings into an array.
import {x} from 'tinyexec';
import {tokenizeArgs} from 'args-tokenizer';
const commandString = 'echo "Hello, World!"';
const [command, ...args] = tokenizeArgs(commandString);
const result = await x(command, args);
result.stdout; // Hello, World!
You can use xSync for synchronous (blocking) execution:
import {xSync} from 'tinyexec';
const result = xSync('ls', ['-l']);
// result.stdout - the stdout as a string
// result.stderr - the stderr as a string
// result.exitCode - the process exit code as a number
Like the async API, you can iterate over lines:
const result = xSync('ls', ['-l']);
for (const line of result) {
// line will be from stdout then stderr
}
Since the synchronous API blocks the event loop, there are some features that are supported in the async API that the sync API does not support:
signalpersistkill() methodstdin pipingpipe() methodOther options like timeout, throwOnError, and nodeOptions work the same way.
Calling x(command[, args]) returns an awaitable Result which has the
following API methods and properties available:
pipe(command[, args[, options]])Pipes the current command to another. For example:
x('ls', ['-l'])
.pipe('grep', ['js']);
The parameters are as follows:
command - the command to execute (without any arguments)args - an array of argumentsoptions - options objectprocessThe underlying Node.js ChildProcess. tinyexec keeps the surface minimal and does not re‑expose every child_process method/event. Use proc.process for advanced access (streams, events, etc.).
const proc = x('node', ['./foo.mjs']);
proc.process?.stdout?.on('data', (chunk) => {
// ...
});
proc.process?.once('close', (code) => {
// ...
});
kill([signal])Kills the current process with the specified signal. By default, this will
use the SIGTERM signal.
For example:
const proc = x('ls');
proc.kill();
pidThe current process ID. For example:
const proc = x('ls');
proc.pid; // number
abortedWhether the process has been aborted or not (via the signal originally
passed in the options object).
For example:
const proc = x('ls');
proc.aborted; // bool
killedWhether the process has been killed or not (e.g. via kill() or an abort
signal).
For example:
const proc = x('ls');
proc.killed; // bool
exitCodeThe exit code received when the process completed execution.
For example:
const proc = x('ls');
proc.exitCode; // number (e.g. 1)
tinyexec aims to provide a lightweight layer on top of Node's own
child_process API.
Some clear benefits compared to other libraries are that tinyexec will be much lighter, have a much
smaller footprint and will have a less abstract interface (less "magic"). It
will also have equal security and cross-platform support to popular
alternatives.
There are various features other libraries include which we are unlikely to ever implement, as they would prevent us from providing a lightweight layer.
For example, if you'd like write scripts rather than individual commands, and
prefer to use templating, we'd definitely recommend
zx. zx is a much higher level library which
does some of the same work tinyexec does but behind a template string
interface.
Similarly, libraries like execa will provide helpers for various things
like passing files as input to processes. We opt not to support features like
this since many of them are easy to do yourself (using Node's own APIs).
The 'child_process' module is a built-in Node.js module that provides the ability to spawn child processes and execute shell commands. It offers more flexibility and control compared to tinyexec but requires more boilerplate code. It is suitable for more complex use cases where fine-grained control over the child process is needed.
The 'execa' package is a modern alternative to the built-in 'child_process' module. It provides a more user-friendly API for executing shell commands and capturing their output. Execa offers additional features such as promise-based execution, better error handling, and support for streaming output. It is more feature-rich compared to tinyexec but also slightly larger in size.
The 'shelljs' package is a portable Unix shell commands for Node.js. It provides a comprehensive set of shell commands that can be used in a cross-platform manner. Shelljs is more extensive and versatile compared to tinyexec, making it suitable for complex scripting tasks that require a wide range of shell functionalities.
FAQs
A minimal library for executing processes in Node
The npm package tinyexec receives a total of 61,838,141 weekly downloads. As such, tinyexec popularity was classified as popular.
We found that tinyexec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.
Research
/Security News
The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Contagious Interview-style lure.
Security News
The Rust project is moving toward formal rules on LLM use in contributions after months of internal debate over maintainer burden, code quality, and contributor experience.