Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
nodejs-wheel-binaries
Advanced tools
- Maintainers
- 1
Unoffical Node.js wheels
nodejs-wheel is an unofficial repository to distribute Node.js prebuilt wheels through PyPI using
pip install nodejs-wheel
New in v20.13.0: If you don't need command line interface (CLI), install only nodejs-wheel-binaries, which is a direct dependency of nodejs-wheel.
pip install nodejs-wheel-binaries
The package requires Python 3.7 and above.
The project is powered by scikit-build-core and cibuildwheel.
Available Builds
| OS | Arch | Bit | Conditions | New in |
|---|---|---|---|---|
| Linux | x86_64 | 64 | glibc >= 2.17 | v18.18.0 |
| Linux | x86_64 | 64 | musl >= 1.2 | v20.14.0 |
| Linux | aarch64 | 64 | glibc >= 2.17 | v20.13.0 |
| Linux | aarch64 | 64 | musl >= 1.2 | v22.13.1 |
| macOS | x86_64 | 64 | >= macOS-11 | v18.18.0 |
| macOS | arm64 | 64 | >= macOS-11 | v20.11.1 |
| Windows | amd64 | 64 | v18.18.0 | |
| Windows | arm64 | 64 | v22.12.0 |
Usage
Command line
Only available in the nodejs-wheel package.
node -h
npm -h
npx -h
# New in v22.13.1
corepack -h
Run library module as a script
New in v20.13.0.
Only support node.
python -m nodejs_wheel --version
Python API
New in v20.13.0.
from nodejs_wheel import (
node,
npm,
npx,
# corepack: New in v22.13.1
corepack,
)
return_code0 = node(["--version"])
return_code1 = npm(["--version"])
return_code2 = npx(["--version"])
# corepack: New in v22.13.1
return_code3 = corepack(]"--version"])
New in v20.13.1: pass return_completed_process=True to get subprocess.CompletedProcess instead of int.
completed_process0 = node(["--version"], return_completed_process=True)
completed_process1 = npm(["--version"], return_completed_process=True)
completed_process2 = npx(["--version"], return_completed_process=True)
# corepack: New in v22.13.1
completed_process3 = corepack(["--version"], return_completed_process=True)
License
nodejs-wheel distributed under the same MIT license as Node.js.
Other projects
The project is inspired by many other similiar projects:
- samwillis/nodejs-pypi: The package redistribute the official Node.js binaraies to PyPI. However, the offical binary for Nodejs 18 requires GLIBC 2.28, making it unsupported in manylinux2014 images. Besides, the wheel tag is wrong.
- sbwml/node-latest-centos: Use GitHub Actions to build Node.js in CentOS 7, but is not related to Python or PyPI.
- scikit-build/cmake-python-distributions: Use cibuildwheel and scikit-build to build CMake and distribute CMake in PyPI.
Keywords
FAQs
unoffical Node.js package
We found that nodejs-wheel-binaries demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025