Gathering detailed insights and metrics for cross-spawn
As of June 2024, the npm registry hosts over 2 million packages, making it one of the largest open-source software repositories in the world.
Gathering detailed insights and metrics for cross-spawn
As of June 2024, the npm registry hosts over 2 million packages, making it one of the largest open-source software repositories in the world.
npm install cross-spawn
94.5
Supply Chain
96.5
Quality
86.6
Maintenance
100
Vulnerability
1,090 Stars
226 Commits
73 Forks
24 Watching
1 Branches
19 Contributors
Updated on 07 Nov 2024
Minified
Minified + Gzipped
JavaScript (100%)
Cumulative downloads
Total Downloads
Last day
20.1%
16,591,659
Compared to previous day
Last week
23.1%
87,486,445
Compared to previous week
Last month
13.6%
337,781,041
Compared to previous month
Last year
6.4%
3,560,151,971
Compared to previous year
A cross platform solution to node's spawn and spawnSync.
Node.js version 8 and up:
$ npm install cross-spawn
Node.js version 7 and under:
$ npm install cross-spawn@6
Node has issues when using spawn on Windows:
./my-folder/my-executable
)node_modules/.bin/
), where arguments with quotes and parenthesis would result in invalid syntax erroroptions.shell
support on node <v4.8
All these issues are handled correctly by cross-spawn
.
There are some known modules, such as win-spawn, that try to solve this but they are either broken or provide faulty escaping of shell arguments.
Exactly the same way as node's spawn
or spawnSync
, so it's a drop in replacement.
1const spawn = require('cross-spawn'); 2 3// Spawn NPM asynchronously 4const child = spawn('npm', ['list', '-g', '-depth', '0'], { stdio: 'inherit' }); 5 6// Spawn NPM synchronously 7const result = spawn.sync('npm', ['list', '-g', '-depth', '0'], { stdio: 'inherit' });
options.shell
as an alternative to cross-spawn
Starting from node v4.8
, spawn
has a shell
option that allows you run commands from within a shell. This new option solves
the PATHEXT issue but:
<v4.8
If you are using the shell
option to spawn a command in a cross platform way, consider using cross-spawn
instead. You have been warned.
options.shell
supportWhile cross-spawn
adds support for options.shell
in node <v4.8
, all of its enhancements are disabled.
This mimics the Node.js behavior. More specifically, the command and its arguments will not be automatically escaped nor shebang support will be offered. This is by design because if you are using options.shell
you are probably targeting a specific platform anyway and you don't want things to get into your way.
While cross-spawn
handles shebangs on Windows, its support is limited. More specifically, it just supports #!/usr/bin/env <program>
where <program>
must not contain any arguments.
If you would like to have the shebang support improved, feel free to contribute via a pull-request.
Remember to always test your code on Windows!
$ npm test
$ npm test -- --watch
during development
Released under the MIT License.
No vulnerabilities found.
Reason
license file detected
Details
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
Reason
Found 6/29 approved changesets -- score normalized to 2
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
47 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-11-04
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn Moreopen
Open stuff like URLs, files, executables. Cross-platform.
@patrickkfkan/cross-spawn
Cross platform child_process#spawn and child_process#spawnSync
run-with-node-env
Set the `NODE_ENV` variable on all platforms. Without `cross-spawn`, very slim.
cross-spawn-extra
a async version for cross-spawn and make it return like as sync return