npmpackage.info

Gathering detailed insights and metrics for nopt

nopt

Node/npm Option Parsing

8.0.0

528

ISC

JavaScript

2.85 kB

7,403,482,359 6.9

Installations

npm install nopt

Score

99.3

Supply Chain

99.5

Quality

83.6

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

2

Total

122

Closed

74

Merged

46

Issues

Open

14

Total

54

Closed

40

Releases

v8.0.0

Published on 04 Sept 2024

v7.2.1

Published on 04 May 2024

v7.2.0

Published on 15 Jun 2023

v7.1.0

Published on 21 Mar 2023

v7.0.0

Published on 02 Nov 2022

v6.0.0

Published on 20 Jul 2022

View all 6 releases

Developer

npm

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

^18.17.0 || >=20.5.0

Typescript Support

No

Node Version

22.8.0

NPM Version

10.8.3 Statistics

528 Stars

164 Commits

43 Forks

39 Watching

3 Branches

85 Contributors

Updated on 26 Sept 2024

Bundle Size

6.77 kB

Minified

2.85 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

7,403,482,359

Last day

-6.4%

6,239,729

Compared to previous day

Last week

2.4%

36,537,265

Compared to previous week

Last month

9.8%

150,496,073

Compared to previous month

Last year

14.7%

1,614,555,641

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

abbrev

Dev Dependencies

@npmcli/eslint-config @npmcli/template-oss tap

Versions

If you want to write an option parser, and have it be good, there are two ways to do it. The Right Way, and the Wrong Way.

The Wrong Way is to sit down and write an option parser. We've all done that.

The Right Way is to write some complex configurable program with so many options that you hit the limit of your frustration just trying to manage them all, and defer it with duct-tape solutions until you see exactly to the core of the problem, and finally snap and write an awesome option parser.

If you want to write an option parser, don't write an option parser. Write a package manager, or a source control system, or a service restarter, or an operating system. You probably won't end up with a good one of those, but if you don't give up, and you are relentless and diligent enough in your procrastination, you may just end up with a very nice option parser.

USAGE

1// my-program.js
2var nopt = require("nopt")
3  , Stream = require("stream").Stream
4  , path = require("path")
5  , knownOpts = { "foo" : [String, null]
6                , "bar" : [Stream, Number]
7                , "baz" : path
8                , "bloo" : [ "big", "medium", "small" ]
9                , "flag" : Boolean
10                , "pick" : Boolean
11                , "many1" : [String, Array]
12                , "many2" : [path, Array]
13                }
14  , shortHands = { "foofoo" : ["--foo", "Mr. Foo"]
15                 , "b7" : ["--bar", "7"]
16                 , "m" : ["--bloo", "medium"]
17                 , "p" : ["--pick"]
18                 , "f" : ["--flag"]
19                 }
20             // everything is optional.
21             // knownOpts and shorthands default to {}
22             // arg list defaults to process.argv
23             // slice defaults to 2
24  , parsed = nopt(knownOpts, shortHands, process.argv, 2)
25console.log(parsed)

This would give you support for any of the following:

1$ node my-program.js --foo "blerp" --no-flag
2{ "foo" : "blerp", "flag" : false }
3
4$ node my-program.js ---bar 7 --foo "Mr. Hand" --flag
5{ bar: 7, foo: "Mr. Hand", flag: true }
6
7$ node my-program.js --foo "blerp" -f -----p
8{ foo: "blerp", flag: true, pick: true }
9
10$ node my-program.js -fp --foofoo
11{ foo: "Mr. Foo", flag: true, pick: true }
12
13$ node my-program.js --foofoo -- -fp  # -- stops the flag parsing.
14{ foo: "Mr. Foo", argv: { remain: ["-fp"] } }
15
16$ node my-program.js --blatzk -fp # unknown opts are ok.
17{ blatzk: true, flag: true, pick: true }
18
19$ node my-program.js --blatzk=1000 -fp # but you need to use = if they have a value
20{ blatzk: 1000, flag: true, pick: true }
21
22$ node my-program.js --no-blatzk -fp # unless they start with "no-"
23{ blatzk: false, flag: true, pick: true }
24
25$ node my-program.js --baz b/a/z # known paths are resolved.
26{ baz: "/Users/isaacs/b/a/z" }
27
28# if Array is one of the types, then it can take many
29# values, and will always be an array.  The other types provided
30# specify what types are allowed in the list.
31
32$ node my-program.js --many1 5 --many1 null --many1 foo
33{ many1: ["5", "null", "foo"] }
34
35$ node my-program.js --many2 foo --many2 bar
36{ many2: ["/path/to/foo", "path/to/bar"] }

Read the tests at the bottom of lib/nopt.js for more examples of what this puppy can do.

Types

The following types are supported, and defined on nopt.typeDefs

String: A normal string. No parsing is done.
path: A file system path. Gets resolved against cwd if not absolute.
url: A url. If it doesn't parse, it isn't accepted.
Number: Must be numeric.
Date: Must parse as a date. If it does, and Date is one of the options, then it will return a Date object, not a string.
Boolean: Must be either true or false. If an option is a boolean, then it does not need a value, and its presence will imply true as the value. To negate boolean flags, do --no-whatever or --whatever false
NaN: Means that the option is strictly not allowed. Any value will fail.
Stream: An object matching the "Stream" class in node. Valuable for use when validating programmatically. (npm uses this to let you supply any WriteStream on the outfd and logfd config options.)
Array: If Array is specified as one of the types, then the value will be parsed as a list of options. This means that multiple values can be specified, and that the value will always be an array.

If a type is an array of values not on this list, then those are considered valid values. For instance, in the example above, the --bloo option can only be one of "big", "medium", or "small", and any other value will be rejected.

When parsing unknown fields, "true", "false", and "null" will be interpreted as their JavaScript equivalents.

You can also mix types and values, or multiple types, in a list. For instance { blah: [Number, null] } would allow a value to be set to either a Number or null. When types are ordered, this implies a preference, and the first type that can be used to properly interpret the value will be used.

To define a new type, add it to nopt.typeDefs. Each item in that hash is an object with a type member and a validate method. The type member is an object that matches what goes in the type list. The validate method is a function that gets called with validate(data, key, val). Validate methods should assign data[key] to the valid value of val if it can be handled properly, or return boolean false if it cannot.

You can also call nopt.clean(data, types, typeDefs) to clean up a config object and remove its invalid properties.

Error Handling

By default, nopt outputs a warning to standard error when invalid values for known options are found. You can change this behavior by assigning a method to nopt.invalidHandler. This method will be called with the offending nopt.invalidHandler(key, val, types).

If no nopt.invalidHandler is assigned, then it will console.error its whining. If it is assigned to boolean false then the warning is suppressed.

Abbreviations

Yes, they are supported. If you define options like this:

1{ "foolhardyelephants" : Boolean
2, "pileofmonkeys" : Boolean }

Then this will work:

1node program.js --foolhar --pil
2node program.js --no-f --pileofmon
3# etc.

Shorthands

Shorthands are a hash of shorter option names to a snippet of args that they expand to.

If multiple one-character shorthands are all combined, and the combination does not unambiguously match any other option or shorthand, then they will be broken up into their constituent parts. For example:

1{ "s" : ["--loglevel", "silent"]
2, "g" : "--global"
3, "f" : "--force"
4, "p" : "--parseable"
5, "l" : "--long"
6}

1npm ls -sgflp
2# just like doing this:
3npm ls --loglevel silent --global --force --long --parseable

The Rest of the args

The config object returned by nopt is given a special member called argv, which is an object with the following fields:

remain: The remaining args after all the parsing has occurred.
original: The args as they originally appeared.
cooked: The args after flags and shorthands are expanded.

Slicing

Node programs are called with more or less the exact argv as it appears in C land, after the v8 and node-specific options have been plucked off. As such, argv[0] is always node and argv[1] is always the JavaScript program being run.

That's usually not very useful to you. So they're sliced off by default. If you want them, then you can pass in 0 as the last argument, or any other number that you'd like to slice off the start of the list.

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

9

SAST

Determines if the project uses static code analysis.

7

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/nopt/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:58
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:52
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:50
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:130
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.9

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More