Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
▄• ▄▌ ▐ ▄ .▄▄ · ▄▄· ▄▄▄ ▪ ▄▄▄· ▄▄▄▄▄▄
█▪██▌ •█▌▐█ ▐█ ▀. ▐█ ▌▪ ▀▄ █· ██ ▐█ ▄█ ▀•██ ▀
█▌▐█▌ ▐█▐▐▌ ▄▀▀▀█▄ ██ ▄▄ ▐▀▀▄ ▐█· ██▀· ▐█.▪
▐█▄█▌ ██▐█▌ ▐█▄▪▐█ ▐███▌ ▐█•█▌ ▐█▌ ▐█▪·• ▐█▌·
▀▀▀ ▀▀ █▪ ▀▀▀▀ ·▀▀▀ .▀ ▀ ▀▀▀ .▀ ▀▀▀
Run npm scripts using automatically shortened script names
unscript [options] [query]
What is unscript?
Unscript lets you query and run npm scripts from a list of shorthands. These shorthands are generated from the names of the scripts in your package.json. Unscript creates shorthands by combining the first letter of each word separated by a delimiter (: by default).
For example:
devwould be shortened tod.build:devwould be shortened tobd.lint:watch:devwould be shortened tolwd.
If there are at least 2 identical shorthands then a prompt will appear to ask which of the results should be run.
For example:
build:devwould be shortened tobd.build:deploywould also be shortened tobd.
If no query is passed then a list of all scripts in the package.json will be displayed.
Why was this made?
There are many existing tools on npm that can run javascript files easily as a drop-in replacement for package.json scripts. Although these are helpful utilities I found that I wanted to create many small package.json scripts that I wouldn't need a full javascript file for. Unscript was created out of my own personal desire to quick run npm scripts using automatically generated shortened names.
Options
| option | default | description |
|---|---|---|
-p, --path | "." | Path to folder containing package.json. |
-d, --delimiter | ":" | Character to separate words by. |
-a, --auto | false | Run the selected script without confirmation. |
-s, --scripts | false | Display scripts in found package.json. |
Installation
Unscript can be used by installing it globally
npm i -g unscript
or by using using npx:
npx unscript lw
to save time writing that out it is recommended to alias the command to a shorter name:
# .bashrc .zshrc ...etc
alias un='npx unscript'
Usage
Basic usage
In this case the dev script is run because dev is the only script that was automatically shortened to d.
unscript d
Handling multiple scripts with the same generated shorthands
When multiple scripts have the same generated shorthand then a prompt will appear to ask which of the results should be run.
Run the selected script without prompting
Using the -a (auto) option will run the selected script without prompting for confirmation if there is only one script matching the shorthand query.
FAQs
Run npm scripts using automatically shortened script names
The npm package unscript receives a total of 4 weekly downloads. As such, unscript popularity was classified as not popular.
We found that unscript demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 May 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025