yargs-promise
Use the headless yargs parser with promises!
npm
npm install --save yargs-promise
yarn
yarn add --save yargs-promise
Instead of using a callback with yargs.parse, use a promise chain: parser.parse(text).then().catch().
Examples:
const yargs = require('yargs');
const YargsPromise = require('yargs-promise');

// create the customized yargs parser
const parser = new YargsPromise(yargs);

// setup command & command handler
parser
  .command('hello <name>', 'hello world parser', () => {}, (argv) => {
    // resolve stuff
    argv.resolve(yourData, argv); // pass back argv if you need it

    // reject stuff
    argv.reject(yourErrorData, argv); // pass back argv if you need it

    // or do nothing and reject/resolve will be handled internally
    // however { data } will not be present in resolved or rejected responses
    console.log('testing argv', argv);
  })
  .help();

// parse text input and use the returned promise
parser.parse('hello world')
  .then(({argv, output, data}) => {
    // `output` exists if there was console output from yargs and if this was
    // resolved in internal parser callback
    // `data` exists if the promise was resolved in command handler
    // `argv` exists if the promise was resolved in internal parser callback
    // otherwise it will need to be passed as the 2nd argument to
    // context.resolve(data, argv)
  })
  .catch((error, argv, data) => {
    // `error` exists if there was an internal error from yargs
    // `argv` exists if the promise was rejected in internal parser callback
    // otherwise it will need to be passed as the 2nd argument to
    // context.reject(data, argv)
    if (error) {
      // built in error validation
    }
    if (data) {
      // rejected from command handler
    }
    // argv contains parsed input
  });
Customizing context example
const yargs = require('yargs');
const YargsPromise = require('yargs-promise');

const parser = new YargsPromise(
  yargs,
  // customize context
  {
    customContextMethod: () => {},
    foo: 'bar'
  }
);

parser
  .command('hello <name>', 'hello world parser', () => {}, (argv) => {
    // argv now contains
    argv.customContextMethod();
    console.log(argv.foo);
  })
  .help();
This library does three things:
resolve & reject methods on the context passed to yargs.parse
argv.resolve or argv.reject in command handler function
.help()
Check out the source code or tests for more information.
Building chatbots requires parsing and handling text input. This wraps up the most common needs I've come across for handling errors, simple commands, and commands with handlers.
FAQs
Unknown package
We found that yargs-promise demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.