sindresorhus / open-cli Goto Github PK

I actually always use opn-cli with the --no-wait flag. For instance for opening the finder at certain locations. I don't want to wait untill I close the process. Wouldn't --no-wait as default make more sense? Just something I want to discuss :).

// @sindresorhus @kevva

This repository is mentioned as the official cli for open, which already is out in version 8.2.0. The open version used here has quite a lot of outdated dependencies which are known to having security vulnerabilities.

Use app based on create-react-app and try to open html-file with second command

    "test": "react-scripts test --passWithNoTests",
    "test:coverage": "yarn test --coverage && opn ./coverage/lcov-report/index.html",

But only open vscode empty window, try to set brower like this

"test:coverage": "yarn test --coverage && opn ./coverage/lcov-report/index.html -- 'google chrome'",

And get error

events.js:167
throw er; // Unhandled 'error' event
^

Error: spawn google chrome ENOENT
at Process.ChildProcess._handle.onexit (internal/child_process.js:232:19)
at onErrorNT (internal/child_process.js:407:16)
at process._tickCallback (internal/process/next_tick.js:63:19)
at Function.Module.runMain (internal/modules/cjs/loader.js:745:11)
at startup (internal/bootstrap/node.js:283:19)
at bootstrapNodeJSCore (internal/bootstrap/node.js:743:3)
Emitted 'error' event at:
at Process.ChildProcess._handle.onexit (internal/child_process.js:238:12)
at onErrorNT (internal/child_process.js:407:16)
[... lines matching original stack trace ...]
at bootstrapNodeJSCore (internal/bootstrap/node.js:743:3)

Current opn version
"opn-cli": "^4.0.0",

System

node v10.15.0
Debian GNU/Linux 9 (stretch)

I use this cli to pass args via npm scripts like:
opn http://localhost:4200 -- 'google-chrome' --user-data-dir=.tmp-chrome --remote-debugging-port=9876
But on MacOS Mojave it doesn't works, I think it is because the browser is named diferently on the OS.

But even when passing:
opn http://localhost:4200 -- 'Google Chrome' --user-data-dir=.tmp-chrome --remote-debugging-port=9876
The browser doesn't start.
Calling opn http://localhost:4200 -- 'Google Chrome' it opens the browser.

My necessity is to open another instance of the browser with a profile scoped to the .tmp-chrome folder.

I've wrote a simple script as a workaround to use on my project, but I think this package could solve this problem more elegantly.

#! /usr/bin/env node
const opn = require('opn')
const childProcess = require('child_process')

const plat = process.platform

if (plat === 'darwin') {
  const cp = childProcess.spawn(
    '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
    [
      '--user-data-dir=.tmp-chrome',
      '--remote-debugging-port=9876',
      'http://localhost:4200',
    ]
  )

  cp.unref()

  process.exit(0)
} else {
  const browser = plat === 'win32'
    ? 'chrome'
    : 'google-chrome'

  opn('http://localhost:4200', {
    wait: false,
    app: [
      browser,
      '--user-data-dir=.tmp-chrome',
      '--remote-debugging-port=9876',
    ],
  })
}

There is a $40.00 open bounty on this issue. Add more on Issuehunt.

• Checkout the Issuehunt explorer to discover more funded issues.
• Need some help from other developers? Add your repositories on Issuehunt to raise funds.

👋 Hello,
There is an issue on the file-type dependency.
GHSA-mhxj-85r3-2x55

Bump dependency is enough

command: open-cli https://sindresorhus.com
node version: v16.13.0

error message:
Error: spawn EPERM
at ChildProcess.spawn (node:internal/child_process:412:11)
at Object.spawn (node:child_process:698:9)
at module.exports (C:\Users\Administrator\AppData\Roaming\npm\node_modules\open-cli\node_modules\open\index.js:175:34)
at async C:\Users\Administrator\AppData\Roaming\npm\node_modules\open-cli\cli.js:54:3

Hello! Thanks for your tremendous work for open source.

I came across your (kinda) simple package to simply say open ./file.html in my npm script and stay cross-platform. I also see quite a simple implementation in cli.js.

Bull well why how come this happens:

Can we consider lowering the number of dependencies for the utility that ideally should have none? Any thoughts on it?

As a package downloaded 100M+ times per month it would save so much.

Thanks!

open-cli has a prototype pollution vulnerability in it's sub-dependency yargs-parser.

Vulnerability details:

• Snyk report: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
• Vuln PoC: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832
• yargs-parser fix commit: yargs/yargs-parser@63810ca
• CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
• CWE: https://cwe.mitre.org/data/definitions/400.html

Current dependency chain:

• [email protected] -> [email protected] -> [email protected]

Fix:

• Update package.json to use fixed version of meow (version without vuln currently not available).

Command:

open-cli dist/report.html

Works in v5, breaks in v6

sindresorhus/open#24 (comment)

I'm having this error on Windows 10:

`
const meow = require('meow');
^^^^^

SyntaxError: Use of const in strict mode.
at exports.runInThisContext (vm.js:73:16)
at Module._compile (module.js:443:25)
at Object.Module._extensions..js (module.js:478:10)
at Module.load (module.js:355:32)
at Function.Module._load (module.js:310:12)
at Function.Module.runMain (module.js:501:10)
at startup (node.js:129:16)
at node.js:814:3
`