Writing CLI tools with Node

My personal notes are available at http://cl.ly/bbcA/BuildingaCLItoolwithNode.pdf

Important points I prepared for the talk, but missed:
- npm can be creepy: no software signing, no sandbox, lousy chain of trust
- npm install as dangerous as curl foo | sh due to no sandboxing
- no whitelist prior authorization / permission system to access mic, camera, file-system, etc, as in the browser. Everything granted to the user is granted to the process.
- Windows does not support sending signals.

Henrique Vicente

June 11, 2015

Transcript

  1. (slide 3)

  2. Node 0.12 improvements (slide 8)
    • Promise API (bye bye, callback hell)
    • child_process.execSync - for when async is not necessary

  3. Environment variables (slide 9)
    • Global values.
    • Try other approaches before setting custom ones to modify your app.
    • i.e., > process.env.PAGER => 'less'

  4. Name arguments the Unix way (slide 11)
    • --version | -v
    • --verbose
    • --help | -h
    • --force | -f
    • --your-command | —your-alias
    • e.g., gh pull-request -s your-reviewer --title "…"

  5. (slide 14)

  6. stdin, stdout, stderr (slide 15)
    • process.stdout.write('Hello World!\n');
      console.log('Hello World!');
      console.assert(state === 'enabled');
      console.time('checkpoint');
    • process.stderr.write();
      console.error(error.message);
      console.warn('whatever');
      DON'T FORGET ABOUT US

  7. Exiting (slide 18)
    • Exit codes: 0 - 255
    • 0 when no more async operations are pending
    • not zero means some sort of error happened
    • process.exit(code);

  8. Keep your config file structure simple (slide 20)
    • Dictionary approach is the best: key: value
    • Group params to avoid repetition
    • Don't nest too much

  9. Learn the internal APIs (slide 21)
    • assert
    • child_process
    • fs
    • net
    • http
    • path
    • process
    • stream

  10. External Libraries (slide 22)
    • insight
    • inquirer
    • moment
    • express
    • istanbul
    • …
    • gulp
    • commander
    • lodash
    • async
    • colors
    • cordova

  11. Code Quality Tools: static analysis, tests, mocking… (slide 24)
    • jscs
    • gulp
    • Travis
    • coveralls
    • rewire
    • istanbul
    • plato
    • jshint

  12. Final considerations (slide 25)
    • Slow loading dependencies are common.
    • Package installation: local, global, etc.
    • No binaries means node is a hard dependency.
    • Don't forget to escape user input.
    • KISS principle = "Keep it simple, stupid."

  13. Avoid slow loading dependencies. Or require() later. (slide 26)
    npm install -g require-time
    Image: http://funmozar.com/baby-cheetah/

    $ require-time
    5ms async
    14ms colors
    13ms github
    52ms handlebars
    125ms inquirer
    55ms insight
    12ms moment
    4ms nopt
    2ms open
    1ms truncate
    120ms update-notifier
    1ms userhome
    7ms which
    1ms wordwrap