npm is now a part of GitHub
Noodle Printing Machine

npm

Sign UpSign In
Miss any of our Open RFC calls?Watch the recordings here! »

shell-source

1.1.0 • Public • Published

shell-source

Source environment variables from a shell script into a Node.js process.

npm tests coverage

Dragons:

Since sourcing a shell script allows it to execute arbitrary code, you should be 100% sure its contents are not malicious!

Why

You have some configuration data stored in a sourcable shell script, but need access to that data from a JavaScript program. You could try to parse the file as text, but that would only work if the script does not execute code or expand any variables.

How

Spawns the process owner's default shell and executes a POSIX compliant wrapper script that in turn sources the file of your choosing. The wrapper then calls printenv which writes the child process' updated environment to stdout. The parent (Node.js) process then parses this output and updates process.env.

Example

Consider the script below that needs to execute code before its variables can be evaluated:

export SERVER_HOST="$(hostname)"
export SERVER_PORT="$(grep -m1 '# HTTP Alternate' < /etc/services | sed 's/[^0-9]*\(.*\)\/.*/\1/')"
export PATH="node_modules/.bin:$PATH"

A Node.js process can use shell-source to emulate the behavior of sh's . built-in, executing the script before absorbing any enviroment changes it effects:

var source = require('shell-source');
 
source(__dirname + '/env.sh', function(err) {
  if (err) return console.error(err);
 
  console.log(process.env.SERVER_HOST); // ::
  console.log(process.env.SERVER_PORT); // 8080
  console.log(process.env.PATH);        // node_modules/.bin:/usr/local/bin
});

Install

$ npm install shell-source

Test

$ npm test

Require

var source = require('shell-source');

Use

source(filepath, [opts,] callback);

  • filepath The full path to the shell script that should be sourced.
  • opts An options object which can contain:
    • source A boolean. Defaults to true. If set to false, the callback can receive the evironment object as its second argument and process.env will be left unmolested.
    • wrapper Use your own wrapper script. source.sh is used by default.
    • reserved An object to merge with the default blacklist where SHLVL and _ are already set to true.
  • callback A callback with signature:
function(err, environment) {
  // console.log(err, environment);
}

Notes

Obviously it would be nice if this could be done synchronously. However, until something like this lands on stable, I'm not sure if there is a sane way to accomplish it. If there is, please let me know.

Releases

The latest stable release is published to npm. Tarballs for each release can be found here.

  • 1.1.0
  • xtend is not a dev dependency (thanks @sparkleholic)
  • 1.0.x
  • First release.

License

Copyright © 2014 Jesse Tane jesse.tane@gmail.com

This work is free. You can redistribute it and/or modify it under the terms of the WTFPL.

No Warranty. The Software is provided "as is" without warranty of any kind, either express or implied, including without limitation any implied warranties of condition, uninterrupted use, merchantability, fitness for a particular purpose, or non-infringement.

Keywords

Install

npm i shell-source

DownloadsWeekly Downloads

940

Version

1.1.0

License

none

Homepage

github.com/jessetane/shell-source#readme

Repository

Gitgithub.com/jessetane/shell-source

Last publish

Collaborators

  • avatar
Try on RunKit
Report a vulnerability