Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
yargs-parser
Advanced tools
The yargs-parser package is a Node.js library that parses command line arguments. It takes an array of arguments, typically process.argv, and generates an object with the parsed keys and values. It supports various features such as boolean flags, numbers, strings, arrays, and nested objects.
Boolean Flags
Parses command line flags (e.g., --debug) as boolean values. If a flag is present without a value, it is set to true; otherwise, it is set to false.
{"_": [], "debug": true, "verbose": false}
Numbers
Automatically detects and parses numeric arguments, allowing you to specify numbers on the command line.
{"_": [], "port": 8080}
Strings
Parses command line arguments as strings, ensuring that numeric values or flags are treated as text.
{"_": [], "host": "localhost"}
Arrays
Supports array arguments, allowing multiple values to be collected into a single array.
{"_": [], "files": ["file1.txt", "file2.txt"]}
Nested Objects
Allows for nested object structures, enabling complex configurations to be passed via the command line.
{"_": [], "config": {"url": "http://example.com", "port": 80}}
Commander is another popular npm package for parsing command line options. It provides a high-level API for defining commands, options, and handling input. Commander is more feature-rich and is designed for building complex CLI applications, whereas yargs-parser is a lower-level tool for argument parsing.
Minimist is a minimalistic argument parsing library. It is simpler and has fewer features compared to yargs-parser, making it a good choice for smaller projects or when you need a lightweight solution.
Meow is a CLI app helper that wraps around minimist. It provides a more user-friendly interface and additional features like help text generation. Meow is more opinionated than yargs-parser and is designed for quick CLI development.
Arg is a simple argument parser with a focus on performance and strict type validation. It is less feature-rich than yargs-parser but offers a straightforward API for projects that require strict type checks.
The mighty option parser used by yargs.
visit the yargs website for more examples, and thorough usage instructions.
npm i yargs-parser --save
const argv = require('yargs-parser')(process.argv.slice(2))
console.log(argv)
$ node example.js --foo=33 --bar hello
{ _: [], foo: 33, bar: 'hello' }
or parse a string!
const argv = require('yargs-parser')('--foo=99 --bar=33')
console.log(argv)
{ _: [], foo: 99, bar: 33 }
Convert an array of mixed types before passing to yargs-parser
:
const parse = require('yargs-parser')
parse(['-f', 11, '--zoom', 55].join(' ')) // <-- array to string
parse(['-f', 11, '--zoom', 55].map(String)) // <-- array of strings
As of v19
yargs-parser
supports Deno:
import parser from "https://deno.land/x/yargs_parser/deno.ts";
const argv = parser('--foo=99 --bar=9987930', {
string: ['bar']
})
console.log(argv)
As of v19
yargs-parser
supports ESM (both in Node.js and in the browser):
Node.js:
import parser from 'yargs-parser'
const argv = parser('--foo=99 --bar=9987930', {
string: ['bar']
})
console.log(argv)
Browsers:
<!doctype html>
<body>
<script type="module">
import parser from "https://unpkg.com/yargs-parser@19.0.0/browser.js";
const argv = parser('--foo=99 --bar=9987930', {
string: ['bar']
})
console.log(argv)
</script>
</body>
Parses command line arguments returning a simple mapping of keys and values.
expects:
args
: a string or array of strings representing the options to parse.opts
: provide a set of hints indicating how args
should be parsed:
opts.alias
: an object representing the set of aliases for a key: {alias: {foo: ['f']}}
.opts.array
: indicate that keys should be parsed as an array: {array: ['foo', 'bar']}
.{array: [{ key: 'foo', boolean: true }, {key: 'bar', number: true}]}
.opts.boolean
: arguments should be parsed as booleans: {boolean: ['x', 'y']}
.opts.coerce
: provide a custom synchronous function that returns a coerced value from the argument provided
(or throws an error). For arrays the function is called only once for the entire array:{coerce: {foo: function (arg) {return modifiedArg}}}
.opts.config
: indicate a key that represents a path to a configuration file (this file will be loaded and parsed).opts.configObjects
: configuration objects to parse, their properties will be set as arguments:{configObjects: [{'x': 5, 'y': 33}, {'z': 44}]}
.opts.configuration
: provide configuration options to the yargs-parser (see: configuration).opts.count
: indicate a key that should be used as a counter, e.g., -vvv
= {v: 3}
.opts.default
: provide default values for keys: {default: {x: 33, y: 'hello world!'}}
.opts.envPrefix
: environment variables (process.env
) with the prefix provided should be parsed.opts.narg
: specify that a key requires n
arguments: {narg: {x: 2}}
.opts.normalize
: path.normalize()
will be applied to values set to this key.opts.number
: keys should be treated as numbers.opts.string
: keys should be treated as strings (even if they resemble a number -x 33
).returns:
obj
: an object representing the parsed value of args
key/value
: key value pairs for each argument and their aliases._
: an array representing the positional arguments.--
: an array with arguments after the end-of-options flag --
.Parses a command line string, returning detailed information required by the yargs engine.
expects:
args
: a string or array of strings representing options to parse.opts
: provide a set of hints indicating how args
, inputs are identical to require('yargs-parser')(args, opts={})
.returns:
argv
: an object representing the parsed value of args
key/value
: key value pairs for each argument and their aliases._
: an array representing the positional arguments.--
: an array with arguments after the end-of-options flag --
.error
: populated with an error object if an exception occurred during parsing.aliases
: the inferred list of aliases built by combining lists in opts.alias
.newAliases
: any new aliases added via camel-case expansion:
boolean
: { fooBar: true }
defaulted
: any new argument created by opts.default
, no aliases included.
boolean
: { foo: true }
configuration
: given by default settings and opts.configuration
.The yargs-parser applies several automated transformations on the keys provided
in args
. These features can be turned on and off using the configuration
field
of opts
.
var parsed = parser(['--no-dice'], {
configuration: {
'boolean-negation': false
}
})
true
.short-option-groups
.Should a group of short-options be treated as boolean flags?
$ node example.js -abc
{ _: [], a: true, b: true, c: true }
if disabled:
$ node example.js -abc
{ _: [], abc: true }
true
.camel-case-expansion
.Should hyphenated arguments be expanded into camel-case aliases?
$ node example.js --foo-bar
{ _: [], 'foo-bar': true, fooBar: true }
if disabled:
$ node example.js --foo-bar
{ _: [], 'foo-bar': true }
true
dot-notation
Should keys that contain .
be treated as objects?
$ node example.js --foo.bar
{ _: [], foo: { bar: true } }
if disabled:
$ node example.js --foo.bar
{ _: [], "foo.bar": true }
true
parse-numbers
Should keys that look like numbers be treated as such?
$ node example.js --foo=99.3
{ _: [], foo: 99.3 }
if disabled:
$ node example.js --foo=99.3
{ _: [], foo: "99.3" }
true
parse-positional-numbers
Should positional keys that look like numbers be treated as such.
$ node example.js 99.3
{ _: [99.3] }
if disabled:
$ node example.js 99.3
{ _: ['99.3'] }
true
boolean-negation
Should variables prefixed with --no
be treated as negations?
$ node example.js --no-foo
{ _: [], foo: false }
if disabled:
$ node example.js --no-foo
{ _: [], "no-foo": true }
false
combine-arrays
Should arrays be combined when provided by both command line arguments and a configuration file.
true
duplicate-arguments-array
Should arguments be coerced into an array when duplicated:
$ node example.js -x 1 -x 2
{ _: [], x: [1, 2] }
if disabled:
$ node example.js -x 1 -x 2
{ _: [], x: 2 }
true
flatten-duplicate-arrays
Should array arguments be coerced into a single array when duplicated:
$ node example.js -x 1 2 -x 3 4
{ _: [], x: [1, 2, 3, 4] }
if disabled:
$ node example.js -x 1 2 -x 3 4
{ _: [], x: [[1, 2], [3, 4]] }
true
greedy-arrays
Should arrays consume more than one positional argument following their flag.
$ node example --arr 1 2
{ _: [], arr: [1, 2] }
if disabled:
$ node example --arr 1 2
{ _: [2], arr: [1] }
Note: in v18.0.0
we are considering defaulting greedy arrays to false
.
false
nargs-eats-options
Should nargs consume dash options as well as positional arguments.
no-
negation-prefix
The prefix to use for negated boolean variables.
$ node example.js --no-foo
{ _: [], foo: false }
if set to quux
:
$ node example.js --quuxfoo
{ _: [], foo: false }
false
.populate--
Should unparsed flags be stored in --
or _
.
If disabled:
$ node example.js a -b -- x y
{ _: [ 'a', 'x', 'y' ], b: true }
If enabled:
$ node example.js a -b -- x y
{ _: [ 'a' ], '--': [ 'x', 'y' ], b: true }
false
.set-placeholder-key
.Should a placeholder be added for keys not set via the corresponding CLI argument?
If disabled:
$ node example.js -a 1 -c 2
{ _: [], a: 1, c: 2 }
If enabled:
$ node example.js -a 1 -c 2
{ _: [], a: 1, b: undefined, c: 2 }
false
.halt-at-non-option
.Should parsing stop at the first positional argument? This is similar to how e.g. ssh
parses its command line.
If disabled:
$ node example.js -a run b -x y
{ _: [ 'b' ], a: 'run', x: 'y' }
If enabled:
$ node example.js -a run b -x y
{ _: [ 'b', '-x', 'y' ], a: 'run' }
false
strip-aliased
Should aliases be removed before returning results?
If disabled:
$ node example.js --test-field 1
{ _: [], 'test-field': 1, testField: 1, 'test-alias': 1, testAlias: 1 }
If enabled:
$ node example.js --test-field 1
{ _: [], 'test-field': 1, testField: 1 }
false
strip-dashed
Should dashed keys be removed before returning results? This option has no effect if
camel-case-expansion
is disabled.
If disabled:
$ node example.js --test-field 1
{ _: [], 'test-field': 1, testField: 1 }
If enabled:
$ node example.js --test-field 1
{ _: [], testField: 1 }
false
unknown-options-as-args
Should unknown options be treated like regular arguments? An unknown option is one that is not
configured in opts
.
If disabled
$ node example.js --unknown-option --known-option 2 --string-option --unknown-option2
{ _: [], unknownOption: true, knownOption: 2, stringOption: '', unknownOption2: true }
If enabled
$ node example.js --unknown-option --known-option 2 --string-option --unknown-option2
{ _: ['--unknown-option'], knownOption: 2, stringOption: '--unknown-option2' }
Libraries in this ecosystem make a best effort to track Node.js' release schedule. Here's a post on why we think this is important.
The yargs project evolves from optimist and minimist. It owes its existence to a lot of James Halliday's hard work. Thanks substack beep boop \o/
ISC
FAQs
the mighty option parser used by yargs
The npm package yargs-parser receives a total of 77,191,591 weekly downloads. As such, yargs-parser popularity was classified as popular.
We found that yargs-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.