npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node-op

v0.5.1

Published

Interactive 1Password CLI and installer

Downloads

66

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zaripychzaripychzaripych-botzaripych-bot

Keywords

1password1-passwordone-passwordclinode-opop

Readme

node-op

Adds op - One Password CLI into your node_modules/.bin with additional helper commands and interactive CLI to copy paste passwords into clipboard

NOTE: This is not the official 1-Password CLI tool repo, this is a wrapper

See https://support.1password.com/command-line/ for more information about op

Supported platforms:

  • darwin
  • linux
  • windows

Additional Commands

The library provides additional commands on top of op CLI tool which you can find very useful:

vault-checkout

$> npx -p node-op vault-checkout --help
Usage: vault-checkout [options]

Download one or more files from 1-Password vault to current directory

Options:
  -v --vault <vault-name>  vault to use
  --force                  overwrite existing files (default: false)
  -f --files <title>       list of files to checkout
  --verbosity <0|1|2>      verbosity of stdout
  -h, --help               output usage information

Example:

npx -p node-op op signin ...
npx -p node-op vault-checkout -f secretFile.yaml -f serviceAccount.json -v my-vault

The above command will download secretFile.yaml and serviceAccount.json files from my-vault to the current directory.

The CLI will exit with error if:

  • we are not already authorized to 1-Password using op signin
  • files already exist
  • there are no documents in the vault with title secretFile.yaml or serviceAccount.json

Files are checked out independently and in event of issues specific to a single file only where the rest of files can be downloaded successfully - the tool will print out which of those files failed.

vault-checkin

$> npx -p node-op vault-checkin --help
Usage: vault-checkin [options]

Upload one or more files to 1-Password vault from current directory and trash old files with same name

Options:
  -v --vault <vault-name>  vault to use
  --verbosity <0|1|2>      verbosity of stdout
  -f --files <title>       list of files to checkin
  -h, --help               output usage information

For example, we could upload .prod.env and service-account.json files specific to our environment to a secure vault named service1:

npx -p node-op vault-checkin -f .prod.env -f service-account.json -v service1

The CLI will exit with error if:

  • we are not already authorized to 1-Password using op signin
  • .prod.env file doesn't exist
  • there are already multiple documents with title .prod.env in 1-Password

Otherwise, the command will attempt to upload all files specified, put previous versions of these files to the 1-Password trash (delete them) and then delete local files for security reasons.

For example, we could upload .prod.env and service-account.json files specific to our environment to a secure vault named service1:

npx -p node-op vault-checkin -f .prod.env -f service-account.json -v service1

vault-diff

$> npx -p node-op vault-diff --help
Usage: vault-diff [options]

Compare one or more local checked-out files with their original 1-Password versions

Options:
  -v --vault <vault-name>  vault to use
  -f --files <title>       list of files to compare
  --verbosity <0|1|2>      verbosity of stdout
  -h, --help               output usage information

The command uses git diff to compare local changes to the versions in the 1-Password vault allowing you to verify/review changes before checkin.

Installation

To pin particular version of op:

npm install node-op

or globally:

npm install -g node-op

after which 1-Password CLI tool should be available globally:

$> which op
/home/%USER%/.nvm/versions/node/v10.17.0/bin/op

CLI Installation Process

During npm install a script is executed which downloads and unpacks pinned version of op into your node_modules/node-op/lib/binaries folder.

The op executable becomes available to be used through npm run or yarn run.

Auto-updates

A GitHub Actions job checks for updates on official web sites and creates a PR to the GitHub repo to update the pinned version number, so new versions should be available to users in a reasonable time.

Docker Alternative

There is an official image on Docker Hub

https://hub.docker.com/r/1password/op

The difference from globally installed op is that OP sessions generated by the image containers cannot be shared. Once container that generated the image is stopped/destroyed the session is not valid anymore, so multiple op operations might require multiple sign-ins. Or you need to write a bash script to copy and run it inside the container. Which is good from security perspective - if container images are always destroyed and purged.

In addition to that there is no jq CLI tool embedded which makes the docker image useful as a base image only.

On security

NOTE: This is not official way of op CLI tool installation, no guarantees.

We are making a basic precaution of verifying the server certificate domain (weak certificate pinning). Certificates are not pinned due to the fact that they change very frequently.

After the CLI is installed it is your responsobility what happens with it.

Read op documentation. Make sure to logout after using the CLI and make sure the login credentials are not exposed outside your scripts. This can be achieved by wrapping your scripts into a bash shell script that retains environment variables inside, rather than exporting it outside.

Make sure to only use trusted code within your bash shell script that does not depend on outside node_modules which could take advantage of having access to environment variables with credentials.