Node JS:Understanding bin in package.json.

Well as a Node Js developer we know package.json as dependency file where we keep a note of all dependencies of our project.
Here we will be looking at what is bin in package.json?

To understand this we first need to understand command line application and it's purpose.
CLI applications are mostly used to automate things such as deployments of application,running tests,building reports and the list goes on and on.

So lets start with creating our first CLI application.
First, let’s make sure you have the tools required. To complete this tutorial, you will need the following:
1)A recent version of Node.js downloaded and installed
2)A good text editor, such as Visual Studio Code

Next, open your computer’s command prompt (Windows) or terminal (macOS/Linux). Change the current directory to the folder where you save your documents or projects. Enter the following commands to create a new project folder and initialize the project.

mkdir hello-cli
cd hello-cli
npm init
Next, open the hello-cli folder in your favorite text editor.Add a new file named index.js. Open the index.js file in your text editor and copy the following code.

#!/usr/bin/env node
console.log( "Hello!" );

The first line that begins with #! is usually called a “shebang.” This is normally only used on Linux or UNIX operating systems to inform the system what type of script is included in the rest of the text file. However, this first line is also required for Node.js scripts to be installed and run properly on macOS and Windows.

Next, open the package.json file in the root of the project in your text editor. Change the main value to index.js.
Add a new key for bin with the following text.

 "bin": {
   "hello": "./index.js"

In case if you forget about main property then ,
The main property of a package.json is a direction to the entry point to the module that the package.json is describing.
In a Node.js application, when the module is called via a require statement, the module's exports from the file named in the main property will be what's returned to the Node.js application.

Your entire package.json file should look similar to the following.
 "name": "hello-cli",
 "version": "1.0.0",
 "description": "",
 "main": "index.js",
 "scripts": {
   "test": "echo \"Error: no test specified\" && exit 1"
 "keywords": [],
 "author": "Saurabh Joshi",
 "license": "MIT",
 "bin": {
   "hello": "./index.js"

At this point, you can run the script just like any other Node.js application.
Try entering the following from the command line.

node .

node . command:
Node will try to load module located in the folder you pass (. - just bash variant of current folder), and start whatever is written in "main" section of package.json.
In your case it'll try to run node ./index.js
If no package.json found in the folder, node will still try to run index.js file.

However, the goal of writing a script like this is to be able to run it from anywhere. You can do that with the npm install command.

npm install -g .
This installs your script “globally.” Any commands listed in the bin section of the package.json file will be made available as command line applications. 
You can now run your script by typing hello at the command line!.
To uninstall your script, run the following command.

npm uninstall -g hello-cli
Tip: You can list all globally installed Node.js modules using npm ls -g --depth=0.
So this was all about CLI application and bin statement.

Now if you want to understand vulnerability affecting all JS package managers (npm, yarn and pnpm) which allows malicious actors to use various arbitrary file overwrite tactics.
Here’s what that means and why it matters.
Please do read this article.

Hope it was helpful! Please do share it.
Saurabh Joshi


Popular Posts