Today I Learned - Rocky Kev

TIL npx

Around NPM 5.2, they released a cool feature called npx.

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

For example:

rimraf is a library for deleting files.

npx rimraf ./**/node_modules

If rimraf is not already installed locally, that will do the following:

  1. Ask the remote NPM servers for the rimraf binary.
  2. Download the rimraf library and put it in the NPM cache.
  3. Run the binary as if it were part of your project.
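
Because the steps above end with downloaded code running on your machine, it helps to know beforehand whether npx will use a local install or go to the registry. The script below is an added example, not part of the original post or of npm itself. The function names are hypothetical, and it assumes local binaries live in node_modules/.bin of the project or one of its parent directories.

```shell
#!/bin/sh
# Added example: report where `npx <bin>` would get its code from.
# Assumption: only node_modules/.bin is checked, walking up from the
# project directory; npx versions differ in exactly which paths they search.

# npx_source BIN [DIR] -> prints "local:<path>" (exit 0) or "remote" (exit 1)
npx_source() {
    bin=$1
    dir=$(cd "${2:-.}" && pwd) || return 2
    while :; do
        candidate="$dir/node_modules/.bin/$bin"
        if [ -x "$candidate" ]; then
            printf 'local:%s\n' "$candidate"
            return 0
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    printf 'remote\n'
    return 1
}

# npx_local_only BIN [ARGS...] -> run BIN only if it is already installed.
# --no-install tells npx to fail instead of downloading a missing package
# (npm 7 and later accept it as a deprecated alias of --no).
npx_local_only() {
    bin=$1
    if src=$(npx_source "$bin"); then
        echo "running ${src#local:}" >&2
        shift
        npx --no-install "$bin" "$@"
    else
        echo "refusing: '$bin' is not installed locally; npx would download it" >&2
        return 1
    fi
}
```

When a remote fetch is intended, naming an exact version (npx rimraf@<version>) keeps the download from silently tracking whatever the registry currently marks as latest.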

