Gathering detailed insights and metrics for @oclif/core
Gathering detailed insights and metrics for @oclif/core
Installations
npm install @oclif/coreDeveloper
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=18.0.0
Typescript Support
Yes
Node Version
22.11.0
NPM Version
10.9.0
Statistics
208 Stars
1,418 Commits
70 Forks
7 Watching
6 Branches
56 Contributors
Updated on 26 Nov 2024
Languages
TypeScript (99.43%)
JavaScript (0.57%)
Total Downloads
Cumulative downloads
Total Downloads
205,666,118
Last day
-7.2%
444,705
Compared to previous day
Last week
-0.6%
2,565,094
Compared to previous week
Last month
2.2%
11,068,928
Compared to previous month
Last year
68.7%
117,230,673
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
18
Dev Dependencies
39
@commitlint/config-conventional@oclif/plugin-help@oclif/plugin-plugins@oclif/prettier-config@oclif/test@types/benchmark@types/chai@types/chai-as-promised@types/clean-stack@types/debug@types/ejs@types/indent-string@types/mocha@types/node@types/pnpapi@types/sinon@types/supports-color@types/wordwrap@types/wrap-ansibenchmarkchaichai-as-promisedcommitlintcross-enveslinteslint-config-oclifeslint-config-oclif-typescripteslint-config-prettierhuskylint-stagedmadgemochanycprettiershxsinonts-nodetsdtypescript
Versions
oclif: Node.JS Open CLI Framework
🗒 Description
This is a framework for building CLIs in Node.js. This framework was built out of the Salesforce CLI but generalized to build any custom CLI. It's designed both for single-file CLIs with a few flag options (like cat or ls), or for very complex CLIs that have subcommands (like git or heroku).
See the docs for more information.
🚀 Getting Started Tutorial
The Getting Started tutorial is a step-by-step guide to introduce you to oclif. If you have not developed anything in a command line before, this tutorial is a great place to get started.
✨ Features
- Flag/Argument parsing - No CLI framework would be complete without a flag parser. We've built a custom one from years of experimentation that we feel consistently handles user input flexible enough for the user to be able to use the CLI in ways they expect, but without compromising strictness guarantees to the developer.
- Super Speed - The overhead for running an oclif CLI command is almost nothing. It requires very few dependencies (only 28 dependencies in a minimal setup—including all transitive dependencies). Also, only the command to be executed will be required with node. So large CLIs with many commands will load equally as fast as a small one with a single command.
- CLI Generator - Run a single command to scaffold out a fully functional CLI and get started quickly. See Getting Started Tutorial.
- Testing Helpers - We've put a lot of work into making commands easier to test and mock out stdout/stderr. The generator will automatically create scaffolded tests.
- Auto-documentation - By default you can pass
--helpto the CLI to get help such as flag options and argument information. This information is also automatically placed in the README whenever the npm package of the CLI is published. See the hello-world CLI example - Plugins - Using plugins, users of the CLI can extend it with new functionality, a CLI can be split into modular components, and functionality can be shared amongst multiple CLIs. See Building your own plugin.
- Hooks - Use lifecycle hooks to run functionality any time a CLI starts, or on custom triggers. Use this whenever custom functionality needs to be shared between various components of the CLI.
- TypeScript - Everything in the core of oclif is written in TypeScript and the generator will build fully configured TypeScript CLIs. If you use plugins support, the CLI will automatically use
ts-nodeto run the plugins enabling you to use TypeScript with minimal-to-no boilerplate needed for any oclif CLI. - Auto-updating Installers - oclif can package your CLI into different installers that will not require the user to already have node installed on the machine. These can be made auto-updatable by using plugin-update.
- Everything is Customizable - Pretty much anything can be swapped out and replaced inside oclif if needed—including the arg/flag parser.
- Autocomplete - Automatically include autocomplete for your CLI. This includes not only command names and flag names, but flag values as well. For example, it's possible to configure the Heroku CLI to have completions for Heroku app names:
$ heroku info --app=<tab><tab> # will complete with all the Heroku apps a user has in their account
📌 Requirements
Currently, Node 18+ is supported. We support the LTS versions of Node. You can add the node package to your CLI to ensure users are running a specific version of Node.
📌 Migrating
See the v3 migration guide for an overview of breaking changes that occurred between v2 and v3.
See the v2 migration guide for an overview of breaking changes that occurred between v1 and v2.
Migrating from @oclif/config and @oclif/command? See the v1 migration guide.
📌 Documentation
The official oclif website, oclif.io, contains all the documentation you need for developing a CLI with oclif.
If there's anything you'd like to see in the documentation, please submit an issue on the oclif.github.io repo.
🚀 Standalone Usage
We strongly encourage you generate an oclif CLI using the oclif cli. The generator will generate an npm package with @oclif/core as a dependency.
You can, however, use @oclif/core in a standalone script like this:
1#!/usr/bin/env -S node --loader ts-node/esm --no-warnings=ExperimentalWarning 2 3import * as fs from 'fs' 4import {Command, Flags, flush, handle} from '@oclif/core' 5 6class LS extends Command { 7 static description = 'List the files in a directory.' 8 static flags = { 9 version: Flags.version(), 10 help: Flags.help(), 11 dir: Flags.string({ 12 char: 'd', 13 default: process.cwd(), 14 }), 15 } 16 17 async run() { 18 const {flags} = await this.parse(LS) 19 const files = fs.readdirSync(flags.dir) 20 for (const f of files) { 21 this.log(f) 22 } 23 } 24} 25 26LS.run().then( 27 async () => { 28 await flush() 29 }, 30 async (err) => { 31 await handle(err) 32 }, 33)
Then run it like this:
1$ ts-node myscript.ts 2...files in current dir...
You can also use oclif's Parser separately:
1// index.js 2import {Args, Flags, Parser} from '@oclif/core' 3 4const {args, flags} = await Parser.parse(process.argv.slice(2), { 5 args: { 6 name: Args.string({required: true}), 7 }, 8 flags: { 9 from: Flags.string({char: 'f', default: 'oclif'}), 10 }, 11}) 12 13console.log(`hello ${args.name} from ${flags.form}`)
$ node index.js world --from oclif
hello world from oclif
🚀 Contributing
See the contributing guide.
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Reason
Found 2/9 approved changesets -- score normalized to 2
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/automerge.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-github-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/external-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/failureNotifications.yml:1
- Warn: no topLevel permission defined: .github/workflows/notify-slack-on-pr-open.yml:1
- Warn: no topLevel permission defined: .github/workflows/onRelease.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/external-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/external-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/external-test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/external-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/external-test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/external-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/external-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/external-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/failureNotifications.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/failureNotifications.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-slack-on-pr-open.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/notify-slack-on-pr-open.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/onRelease.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/onRelease.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/onRelease.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/onRelease.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/stale.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/core/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:119
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 8 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
4.3
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More