npmpackage.info

demurgos-foreground-child

Run a child as if it's the foreground process. Give it stdio. Exit when it exits.

1.6.0-beta.2

ISC

TypeScript

42.36 kB

8,405 3.2

Installations

npm install demurgos-foreground-child

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=6.0.0

Node Version

13.7.0

NPM Version

6.13.6 Score

68.2

Supply Chain

86.7

Quality

75.2

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

2

Total

54

Closed

35

Merged

17

Issues

Open

4

Total

11

Closed

7

Releases

Unable to fetch releases

Contributors

View all 9 contributors

Languages

TypeScript

JavaScript

Shell

TypeScript (83.37%)

JavaScript (15.81%)

Shell (0.82%)

Developer

tapjs

Download Statistics

Total Downloads

8,405

Last Day

Last Week

Last Month

Last Year

860

GitHub Statistics

40 Stars

101 Commits

20 Forks

4 Watching

4 Branches

9 Contributors

Maintainers

Package Meta Information

Latest Version

1.6.0-beta.2

Package Id

demurgos-foreground-child@1.6.0-beta.2

Unpacked Size

42.36 kB

Size

11.35 kB

File Count

NPM Version

6.13.6

Node Version

13.7.0

Total Downloads

Cumulative downloads

Total Downloads

8,405

Last day

-66.7%

Compared to previous day

Last week

38.9%

Compared to previous week

Last month

-34.2%

Compared to previous month

Last year

-19.2%

860

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@types/signal-exit cross-spawn signal-exit

Dev Dependencies

@types/node tap tslint typescript

Versions

foreground-child

Run a child as if it's the foreground process. Give it stdio.

Mostly this module is here to support some use cases around wrapping child processes for test coverage and such.

USAGE

1const fg = require('foreground-child')
2
3// cats out this file
4const {child, close} = fg('cat', [__filename])
5
6// At this point, it's best to just do nothing else.
7// return or whatever.
8// If the child gets a signal, or just exits, then this
9// parent process will exit in the same way.
10
11// Close is a promise resolved when the child is closed.
12// You can use it to inspected its exit code and exit the parent process.
13close.then((close) => {
14  // You can use this handler to perform an action before exiting the
15  // foreground child.
16  console.log(close.code);
17  console.log(close.status);
18  close(); // Kills the parent process using the result of the child process.
19});
20

Caveats

The "normal" standard IO file descriptors (0, 1, and 2 for stdin, stdout, and stderr respectively) are shared with the child process. Additionally, if there is an IPC channel set up in the parent, then messages are proxied to the child on file descriptor 3.

However, in Node, it's possible to also map arbitrary file descriptors into a child process. In these cases, foreground-child will not map the file descriptors into the child. If file descriptors 0, 1, or 2 are used for the IPC channel, then strange behavior may happen (like printing IPC messages to stderr, for example).

Note that a SIGKILL will always kill the parent process, and never the child process, because SIGKILL cannot be caught or proxied. The only way to do this would be if Node provided a way to truly exec a process as the new foreground program in the same process space, without forking a separate child process.

API

The canonical documentation is in the source code. See index.ts.

fg(file, args): Original API
fg.compat: Alias for fg.
fg.spawn(file, args, options): New API, based on Node's cp.spawn.
fg.proxy(parent, child): Forward IO, IPC and signals from parent to child.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

7

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/isaacs-makework.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/isaacs-makework.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/isaacs-makework.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/isaacs-makework.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/typedoc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/typedoc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/typedoc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/typedoc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/tapjs/foreground-child/typedoc.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/typedoc.yml:39
Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Security-Policy

Determines if the project has published a security policy.

0

SAST

Determines if the project uses static code analysis.

Score

3.2

/10

Last Scanned on 2024-12-16

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More