Writing CLI tools with Node

Writing CLI tools with Node

My personal notes are available at http://cl.ly/bbcA/BuildingaCLItoolwithNode.pdf

Important points I prepared for the talk, but missed:
- npm can be creepy: no software signing, no sandbox, lousy chain of trust
- npm install as dangerous as curl foo | sh due to no sandboxing
- no whitelist prior authorization / permission system to access mic, camera, file-system, etc, as in the browser. Everything granted to the user is granted to the process.
- Windows does not support sending signals.

5733fd332f2a0da11931e0e73ddfb20d?s=128

Henrique Vicente

June 11, 2015
Tweet

Transcript

  1. Writing CLI tools with Node henvic.github.io 1

  2. Read–eval–print loop 2

  3. 3

  4. 4 npm cheat sheet http://browsenpm.org/help

  5. semver • Semantic Versioning Specification semver.org • MAJOR.MINOR.PATCH • i.e.,

    1.5.2 5
  6. http://browsenpm.org/package.json 
 https://docs.npmjs.com/files/package.json 6

  7. Node 0.12 API Stability Index 7

  8. Node 0.12 improvements • Promise API (bye bye, callback hell)

    • child_process.execSync
 - for when async is not necessary 8
  9. Environment variables • Global values. • Try other approaches before

    setting custom ones to modify your app. • i.e., > process.env.PAGER => 'less' 9
  10. working directory • process.cwd(); • process.chdir(‘~/your-new-working-dir/’);

  11. Name arguments
 the Unix way • --version | -v •

    --verbose • --help | -h • --force | -f • --your-command | —your-alias • e.g., gh pull-request -s your-reviewer --title “…” 11
  12. process.argv 12

  13. A filter program 13

  14. 14

  15. stdin, stdout, stderr • process.stdout.write(‘Hello World!\n’); console.log(‘Hello World!’);
 console.assert(state ===

    ‘enabled’);
 console.time(‘checkpoint’); • process.stderr.write();
 console.error(error.message);
 console.warn(‘whatever’);
 DON’T FORGET ABOUT US 15
  16. Unix Signals • man sigaction • An asynchronous notification sent

    to a process. 16
  17. None
  18. Exiting • Exit codes: 0 - 255 • 0 when

    no more async operations are pending • not zero means some sort of error happened • process.exit(code); 18
  19. Config files • JSON is not human-friendly • Try something

    more Unix-like: .yml or .ini 19
  20. Keep your config file structure simple • Dictionary approach is

    the best:
 key: value • Group params to avoid repetition • Don’t nest too much 20
  21. Learn the internal APIs • assert • child_process • fs

    • net • http • path • process • stream 21
  22. External Libraries 22 • insight • inquirer • moment •

    express • istanbul • … • gulp • commander • lodash • async • colors • cordova
  23. You need no decoration rainbows :( 23 ANSI escape code

    is not friendly with filters…
  24. Code Quality Tools:
 static analysis, tests, mocking… 24 • jscs

    • gulp • Travis • coveralls • rewire • istanbul • plato • jshint
  25. Final considerations • Slow loading dependencies are common. • Package

    installation: local, global, etc. • No binaries means node is a hard dependency. • Don’t forget to escape user input. • KISS principle = “Keep it simple, stupid.” 25
  26. npm install -g require-time Avoid slow loading dependencies.
 
 Or

    require() later. http://funmozar.com/baby-cheetah/ $ require-time 5ms async 14ms colors 13ms github 52ms handlebars 125ms inquirer 55ms insight 12ms moment 4ms nopt 2ms open 1ms truncate 120ms update-notifier 1ms userhome 7ms which 1ms wordwrap 26
  27. Q&A 27 speakerdeck.com/henvic/writing-cli-tools-with-node