Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The yargs npm package is a command-line argument parser that helps in building interactive command line tools, by parsing arguments and generating an elegant user interface. It provides a simple and efficient way to handle command line arguments for Node.js applications.
Command Parsing
Yargs allows you to define commands and associated options. This feature is useful for CLI applications that perform different actions based on the command provided.
const yargs = require('yargs/yargs')(process.argv.slice(2));
yargs.command('get', 'make a get HTTP request', () => {}, (argv) => {
console.log(`Request made to URL: ${argv.url}`);
}).argv;
Option Parsing
Yargs can parse options (also known as flags or switches) with additional configuration such as aliases, types, and descriptions.
const yargs = require('yargs/yargs')(process.argv.slice(2));
yargs.option('verbose', {
alias: 'v',
type: 'boolean',
description: 'Run with verbose logging'
}).argv;
Default Values
Yargs allows setting default values for options, which will be used if no value is provided by the user.
const yargs = require('yargs/yargs')(process.argv.slice(2));
yargs.default('port', 8080).argv;
Automatic Help and Version Information
Yargs can automatically generate help and version information for the CLI tool, making it easier for users to understand how to use the application.
const yargs = require('yargs/yargs')(process.argv.slice(2));
yargs.help().version().argv;
Custom Validation
Yargs provides a way to define custom validation rules for the provided arguments, ensuring that the input meets certain criteria before the application proceeds.
const yargs = require('yargs/yargs')(process.argv.slice(2));
yargs.option('port', {
describe: 'The port to bind on',
demandOption: true,
number: true
}).check((argv, options) => {
if (argv.port < 1024) {
throw new Error('Port must be at least 1024');
}
return true;
}).argv;
Commander is another popular npm package for parsing command-line options. It provides a high-level API for defining commands and options, similar to yargs. Commander is known for its simplicity and declarative approach to command-line arguments.
Minimist is a minimalistic command-line argument parser. It is more lightweight than yargs and focuses on parsing a list of arguments into an object, without the additional features like command handling, help text generation, or validation.
Meow is a CLI helper for creating Node.js command-line apps. It provides a simpler and more opinionated API compared to yargs, with built-in help text, version output, and flag aliasing. Meow is suitable for smaller projects that require less customization.
Caporal is a full-featured framework for building command-line applications. It offers a rich set of features including argument parsing, validation, autocomplete, and more. Caporal is more framework-like compared to yargs, which might be more suitable for complex CLI tools.
Yargs be a node.js library fer hearties tryin' ter parse optstrings.
With yargs, ye be havin' a map that leads straight to yer treasure! Treasure of course, being a simple option hash.
Yargs is the official successor to optimist. Please feel free to submit issues and pull requests. If you'd like to contribute and don't know where to start, have a look at the issue list :)
plunder.js:
#!/usr/bin/env node
var argv = require('yargs').argv;
if (argv.ships > 3 && argv.distance < 53.5) {
console.log('Plunder more riffiwobbles!');
}
else {
console.log('Retreat from the xupptumblers!');
}
$ ./plunder.js --ships=4 --distance=22
Plunder more riffiwobbles!
$ ./plunder.js --ships 12 --distance 98.7
Retreat from the xupptumblers!
short.js:
#!/usr/bin/env node
var argv = require('yargs').argv;
console.log('(%d,%d)', argv.x, argv.y);
$ ./short.js -x 10 -y 21
(10,21)
bool.js:
#!/usr/bin/env node
var util = require('util');
var argv = require('yargs').argv;
if (argv.s) {
process.stdout.write(argv.fr ? 'Le perroquet dit: ' : 'The parrot says: ');
}
console.log(
(argv.fr ? 'couac' : 'squawk') + (argv.p ? '!' : '')
);
$ ./bool.js -s
The parrot says: squawk
$ ./bool.js -sp
The parrot says: squawk!
$ ./bool.js -sp --fr
Le perroquet dit: couac!
argv._
!nonopt.js:
#!/usr/bin/env node
var argv = require('yargs').argv;
console.log('(%d,%d)', argv.x, argv.y);
console.log(argv._);
$ ./nonopt.js -x 6.82 -y 3.35 rum
(6.82,3.35)
[ 'rum' ]
$ ./nonopt.js "me hearties" -x 0.54 yo -y 1.12 ho
(0.54,1.12)
[ 'me hearties', 'yo', 'ho' ]
count.js:
#!/usr/bin/env node
var argv = require('yargs')
.count('verbose')
.alias('v', 'verbose')
.argv;
VERBOSE_LEVEL = argv.verbose;
function WARN() { VERBOSE_LEVEL >= 0 && console.log.apply(console, arguments); }
function INFO() { VERBOSE_LEVEL >= 1 && console.log.apply(console, arguments); }
function DEBUG() { VERBOSE_LEVEL >= 2 && console.log.apply(console, arguments); }
WARN("Showing only important stuff");
INFO("Showing semi-important stuff too");
DEBUG("Extra chatty mode");
$ node count.js
Showing only important stuff
$ node count.js -v
Showing only important stuff
Showing semi-important stuff too
$ node count.js -vv
Showing only important stuff
Showing semi-important stuff too
Extra chatty mode
$ node count.js -v --verbose
Showing only important stuff
Showing semi-important stuff too
Extra chatty mode
area.js:
#!/usr/bin/env node
var argv = require('yargs')
.usage('Usage: $0 -w [num] -h [num]')
.demand(['w','h'])
.argv;
console.log("The area is:", argv.w * argv.h);
$ ./area.js -w 55 -h 11
The area is: 605
$ node ./area.js -w 4.91 -w 2.51
Usage: area.js -w [num] -h [num]
Options:
-w [required]
-h [required]
Missing required arguments: h
demand_count.js:
#!/usr/bin/env node
var argv = require('yargs')
.demand(2)
.argv;
console.dir(argv);
$ ./demand_count.js a
Not enough non-option arguments: got 1, need at least 2
$ ./demand_count.js a b
{ _: [ 'a', 'b' ], '$0': 'demand_count.js' }
$ ./demand_count.js a b c
{ _: [ 'a', 'b', 'c' ], '$0': 'demand_count.js' }
default_singles.js:
#!/usr/bin/env node
var argv = require('yargs')
.default('x', 10)
.default('y', 10)
.argv
;
console.log(argv.x + argv.y);
$ ./default_singles.js -x 5
15
default_hash.js:
#!/usr/bin/env node
var argv = require('yargs')
.default({ x : 10, y : 10 })
.argv
;
console.log(argv.x + argv.y);
$ ./default_hash.js -y 7
17
boolean_single.js:
#!/usr/bin/env node
var argv = require('yargs')
.boolean('v')
.argv
;
console.dir(argv.v);
console.dir(argv._);
$ ./boolean_single.js -v "me hearties" yo ho
true
[ 'me hearties', 'yo', 'ho' ]
boolean_double.js:
#!/usr/bin/env node
var argv = require('yargs')
.boolean(['x','y','z'])
.argv
;
console.dir([ argv.x, argv.y, argv.z ]);
console.dir(argv._);
$ ./boolean_double.js -x -z one two three
[ true, false, true ]
[ 'one', 'two', 'three' ]
Ye can describe parameters fer help messages and set aliases. Yargs figures out how ter format a handy help string automatically.
line_count.js:
#!/usr/bin/env node
var argv = require('yargs')
.usage('Usage: $0 <command> [options]')
.command('count', 'Count the lines in a file')
.demand(1)
.example('$0 count -f foo.js', 'count the lines in the given file')
.demand('f')
.alias('f', 'file')
.nargs('f', 1)
.describe('f', 'Load a file')
.help('h')
.alias('h', 'help')
.epilog('copyright 2015')
.argv;
var fs = require('fs');
var s = fs.createReadStream(argv.file);
var lines = 0;
s.on('data', function (buf) {
lines += buf.toString().match(/\n/g).length;
});
s.on('end', function () {
console.log(lines);
});
$ node line_count.js count
Usage: line_count.js <command> [options]
Commands:
count Count the lines in a file
Options:
-f, --file Load a file [required]
-h, --help Show help [boolean]
Examples:
line_count.js count -f foo.js count the lines in the given file
copyright 2015
Missing required arguments: f
$ node line_count.js count --file line_count.js
26
$ node line_count.js count -f line_count.js
26
By itself,
require('yargs').argv
will use the process.argv
array to construct the argv
object.
You can pass in the process.argv
yourself:
require('yargs')([ '-x', '1', '-y', '2' ]).argv
or use .parse()
to do the same thing:
require('yargs').parse([ '-x', '1', '-y', '2' ])
The rest of these methods below come in just before the terminating .argv
.
Set key names as equivalent such that updates to a key will propagate to aliases and vice-versa.
Optionally .alias()
can take an object that maps keys to aliases.
Each key of this object should be the canonical version of the option, and each
value should be a string or an array of strings.
Get the arguments as a plain old object.
Arguments without a corresponding flag show up in the argv._
array.
The script name or node command is available at argv.$0
similarly to how $0
works in bash or perl.
If yargs
is executed in an environment that embeds node and there's no script name (e.g. [Electron]
(http://electron.atom.io/) or nw.js), it will ignore the first parameter since it
expects it to be the script name. In order to override this behavior, use .parse(process.argv.slice(1))
instead of .argv
and the first parameter won't be ignored.
Tell the parser to interpret key
as an array. If .array('foo')
is set,
--foo foo bar
will be parsed as ['foo', 'bar']
rather than as 'foo'
.
Interpret key
as a boolean. If a non-flag option follows key
in
process.argv
, that string won't get set as the value of key
.
key
will default to false
, unless a default(key, undefined)
is
explicitly set.
If key
is an array, interpret all the elements as booleans.
Check that certain conditions are met in the provided arguments.
fn
is called with two arguments, the parsed argv
hash and an array of options and their aliases.
If fn
throws or returns a non-truthy value, show the thrown error, usage information, and
exit.
Limit valid values for key
to a predefined set of choices
, given as an array
or as an individual value.
var argv = require('yargs')
.alias('i', 'ingredient')
.describe('i', 'choose your sandwich ingredients')
.choices('i', ['peanut-butter', 'jelly', 'banana', 'pickles'])
.help('help')
.argv
If this method is called multiple times, all enumerated values will be merged together. Choices are generally strings or numbers, and value matching is case-sensitive.
Optionally .choices()
can take an object that maps multiple keys to their
choices.
Choices can also be specified as choices
in the object given to option()
.
var argv = require('yargs')
.option('size', {
alias: 's',
describe: 'choose a size',
choices: ['xs', 's', 'm', 'l', 'xl']
})
.argv
Document the commands exposed by your application.
Use desc
to provide a description for each command your application accepts (the
values stored in argv._
). Set desc
to false
to create a hidden command.
Hidden commands don't show up in the help output and aren't available for
completion.
Optionally, you can provide a handler fn
which will be executed when
a given command is provided. The handler will be executed with an instance
of yargs
, which can be used to compose nested commands.
Here's an example of top-level and nested commands in action:
var argv = require('yargs')
.usage('npm <command>')
.command('install', 'tis a mighty fine package to install')
.command('publish', 'shiver me timbers, should you be sharing all that', function (yargs) {
argv = yargs.option('f', {
alias: 'force',
description: 'yar, it usually be a bad idea'
})
.help('help')
.argv
})
.help('help')
.argv;
Enable bash-completion shortcuts for commands and options.
cmd
: When present in argv._
, will result in the .bashrc
completion script
being outputted. To enable bash completions, concat the generated script to your
.bashrc
or .bash_profile
.
description
: Provide a description in your usage instructions for the command
that generates bash completion scripts.
fn
: Rather than relying on yargs' default completion functionality, which
shiver me timbers is pretty awesome, you can provide your own completion
method.
var argv = require('yargs')
.completion('completion', function(current, argv) {
// 'current' is the current command being completed.
// 'argv' is the parsed arguments so far.
// simply return an array of completions.
return [
'foo',
'bar'
];
})
.argv;
But wait, there's more! You can provide asynchronous completions.
var argv = require('yargs')
.completion('completion', function(current, argv, done) {
setTimeout(function() {
done([
'apple',
'banana'
]);
}, 500);
})
.argv;
Tells the parser that if the option specified by key
is passed in, it
should be interpreted as a path to a JSON config file. The file is loaded
and parsed, and its properties are set as arguments. If present, the
description
parameter customizes the description of the config (key
) option
in the usage string.
Set argv[key]
to value
if no option was specified in process.argv
.
Optionally .default()
can take an object that maps keys to default values.
But wait, there's more! The default value can be a function
which returns
a value. The name of the function will be used in the usage string:
var argv = require('yargs')
.default('random', function randomValue() {
return Math.random() * 256;
}).argv;
Optionally, description
can also be provided and will take precedence over
displaying the value in the usage instructions:
.default('timeout', 60000, '(one-minute)')
If key
is a string, show the usage information and exit if key
wasn't
specified in process.argv
.
If key
is a number, demand at least as many non-option arguments, which show
up in argv._
. A second number can also optionally be provided, which indicates
the maximum number of non-option arguments.
If key
is an array, demand each element.
If a msg
string is given, it will be printed when the argument is missing,
instead of the standard error message. This is especially helpful for the non-option arguments in argv._
.
If a boolean
value is given, it controls whether the option is demanded;
this is useful when using .options()
to specify command line parameters.
Describe a key
for the generated usage information.
Optionally .describe()
can take an object that maps keys to descriptions.
A message to print at the end of the usage instructions, e.g.
var argv = require('yargs')
.epilogue('for more information, find our manual at http://example.com');
Give some example invocations of your program. Inside cmd
, the string
$0
will get interpolated to the current script name or node command for the
present script similar to how $0
works in bash or perl.
Examples will be printed out as part of the help message.
By default, yargs exits the process when the user passes a help flag, uses the
.version
functionality, or when validation fails. Calling
.exitProcess(false)
disables this behavior, enabling further actions after
yargs have been validated.
Method to execute when a failure occurs, rather than printing the failure message.
fn
is called with the failure message that would have been printed.
Add an option (e.g. --help
) that displays the usage string and exits the
process. If present, the description
parameter customizes the description of
the help option in the usage string.
If invoked without parameters, .help()
returns the generated usage string.
Example:
var yargs = require("yargs")
.usage("$0 -operand1 number -operand2 number -operation [add|subtract]");
console.log(yargs.help());
Later on, argv
can be retrieved with yargs.argv
.
Given the key x
is set, it is required that the key y
is set.
Optionally .implies()
can accept an object specifying multiple implications.
Set a locale other than the default en
locale:
var argv = require('yargs')
.usage('./$0 - follow ye instructions true')
.option('option', {
alias: 'o',
describe: "'tis a mighty fine option",
demand: true
})
.command('run', "Arrr, ya best be knowin' what yer doin'")
.example('$0 run foo', "shiver me timbers, here's an example for ye")
.help('help')
.wrap(70)
.locale('pirate')
.argv
./test.js - follow ye instructions true
Choose yer command:
run Arrr, ya best be knowin' what yer doin'
Options for me hearties!
--option, -o 'tis a mighty fine option [requi-yar-ed]
--help Parlay this here code of conduct [boolean]
Ex. marks the spot:
test.js run foo shiver me timbers, here's an example for ye
Ye be havin' to set the followin' argument land lubber: option
Locales currently supported:
To submit a new translation for yargs:
./locales/en.json
as a starting point.The number of arguments that should be consumed after a key. This can be a useful hint to prevent parsing ambiguity. For example:
var argv = require('yargs')
.nargs('token', 1)
.parse(['--token', '-my-token']);
parses as:
{ _: [], token: '-my-token', '$0': 'node test' }
Optionally .nargs()
can take an object of key
/narg
pairs.
Instead of chaining together .alias().demand().default().describe().string()
, you can specify
keys in opt
for each of the chainable methods.
For example:
var argv = require('yargs')
.option('f', {
alias: 'file',
demand: true,
default: '/etc/passwd',
describe: 'x marks the spot',
type: 'string'
})
.argv
;
is the same as
var argv = require('yargs')
.alias('f', 'file')
.demand('f')
.default('f', '/etc/passwd')
.describe('f', 'x marks the spot')
.string('f')
.argv
;
Optionally .options()
can take an object that maps keys to opt
parameters.
var argv = require('yargs')
.options({
'f': {
alias: 'file',
demand: true,
default: '/etc/passwd',
describe: 'x marks the spot',
type: 'string'
}
})
.argv
;
Parse args
instead of process.argv
. Returns the argv
object.
An alias for demand()
. See docs there.
Specifies either a single option key (string), or an array of options that must be followed by option values. If any option value is missing, show the usage information and exit.
The default behavior is to set the value of any key not followed by an
option value to true
.
Reset the argument object built up so far. This is useful for creating nested command line interfaces.
var yargs = require('yargs')
.usage('$0 command')
.command('hello', 'hello command')
.command('world', 'world command')
.demand(1, 'must provide a valid command'),
argv = yargs.argv,
command = argv._[0];
if (command === 'hello') {
yargs.reset()
.usage('$0 hello')
.help('h')
.example('$0 hello', 'print the hello message!')
.argv
console.log('hello!');
} else if (command === 'world'){
yargs.reset()
.usage('$0 world')
.help('h')
.example('$0 world', 'print the world message!')
.argv
console.log('world!');
} else {
yargs.showHelp();
}
Generate a bash completion script. Users of your application can install this
script in their .bashrc
, and yargs will provide completion shortcuts for
commands and options.
Print the usage data using the console
function consoleLevel
for printing.
Example:
var yargs = require("yargs")
.usage("$0 -operand1 number -operand2 number -operation [add|subtract]");
yargs.showHelp(); //prints to stderr using console.error()
Or, to print the usage data to stdout
instead, you can specify the use of console.log
:
yargs.showHelp("log"); //prints to stdout using console.log()
Later on, argv
can be retrieved with yargs.argv
.
By default, yargs outputs a usage string if any error is detected. Use the
.showHelpOnFail()
method to customize this behavior. If enable
is false
,
the usage string is not output. If the message
parameter is present, this
message is output after the error message.
line_count.js:
#!/usr/bin/env node
var argv = require('yargs')
.usage('Count the lines in a file.\nUsage: $0 -f <file>')
.demand('f')
.alias('f', 'file')
.describe('f', 'Load a file')
.string('f')
.showHelpOnFail(false, 'Specify --help for available options')
.help('help')
.argv;
// etc.
$ node line_count.js
Missing argument value: f
Specify --help for available options
Any command-line argument given that is not demanded, or does not have a corresponding description, will be reported as an error.
Tell the parser logic not to interpret key
as a number or boolean.
This can be useful if you need to preserve leading zeros in an input.
If key
is an array, interpret all the elements as strings.
.string('_')
will result in non-hyphenated arguments being interpreted as strings,
regardless of whether they resemble numbers.
Override the default strings used by yargs with the key/value
pairs provided in obj
:
var argv = require('yargs')
.command('run', 'the run command')
.help('help')
.updateStrings({
'Commands:': 'My Commands -->\n'
})
.wrap(null)
.argv
My Commands -->
run the run command
Options:
--help Show help [boolean]
If you explicitly specify a locale()
, you should do so before calling
updateStrings()
.
Set a usage message to show which commands to use. Inside message
, the string
$0
will get interpolated to the current script name or node command for the
present script similar to how $0
works in bash or perl.
opts
is optional and acts like calling .options(opts)
.
Add an option (e.g. --version
) that displays the version number (given by the
version
parameter) and exits the process. If present, the description
parameter customizes the description of the version option in the usage string.
You can provide a function
for version, rather than a string.
This is useful if you want to use the version from your package.json:
var argv = require('yargs')
.version(function() {
return require('../package').version;
})
.argv;
Format usage output to wrap at columns
many columns.
By default wrap will be set to Math.min(80, windowWidth)
. Use .wrap(null)
to
specify no column limit (no right-align). Use .wrap(yargs.terminalWidth())
to
maximize the width of yargs' usage instructions.
Use --
to stop parsing flags and stuff the remainder into argv._
.
$ node examples/reflect.js -a 1 -b 2 -- -c 3 -d 4
{ _: [ '-c', '3', '-d', '4' ],
a: 1,
b: 2,
'$0': 'examples/reflect.js' }
If you want to explicity set a field to false instead of just leaving it
undefined or to override a default you can do --no-key
.
$ node examples/reflect.js -a --no-b
{ _: [], a: true, b: false, '$0': 'examples/reflect.js' }
Every argument that looks like a number (!isNaN(Number(arg))
) is converted to
one. This way you can just net.createConnection(argv.port)
and you can add
numbers out of argv
with +
without having that mean concatenation,
which is super frustrating.
If you specify a flag multiple times it will get turned into an array containing all the values in order.
$ node examples/reflect.js -x 5 -x 8 -x 0
{ _: [], x: [ 5, 8, 0 ], '$0': 'examples/reflect.js' }
When you use dots (.
s) in argument names, an implicit object path is assumed.
This lets you organize arguments into nested objects.
$ node examples/reflect.js --foo.bar.baz=33 --foo.quux=5
{ _: [],
foo: { bar: { baz: 33 }, quux: 5 },
'$0': 'examples/reflect.js' }
Short numeric -n5
style arguments work too:
$ node examples/reflect.js -n123 -m456
{ _: [], n: 123, m: 456, '$0': 'examples/reflect.js' }
With npm, just do:
npm install yargs
or clone this project on github:
git clone http://github.com/bcoe/yargs.git
To run the tests with npm, just do:
npm test
This module is loosely inspired by Perl's Getopt::Casual.
FAQs
yargs the modern, pirate-themed, successor to optimist.
The npm package yargs receives a total of 89,242,148 weekly downloads. As such, yargs popularity was classified as popular.
We found that yargs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.