Prologue

In an earlier Node.js project I used some of the functionality of the child_process module, because the program needed to process some data with a Linux command. For example, a function that uses the ls command to view the current directory structure:

// This is the implementation example provided by the Node.js v12.x official documentation: [Child Process | Node.js v12.13.0 Documentation](https://nodejs.org/dist/latest-v12.x/docs/api/child_process.html#child_process_child_process_spawn_command_args_options)
const { spawn } = require('child_process');
const ls = spawn('ls', ['-lh', '/Users']);

// Normal console output
ls.stdout.on('data', (data) => {
  console.log(`stdout: ${data}`);
});

// Error console output
ls.stderr.on('data', (data) => {
  console.error(`stderr: ${data}`);
});

// Close
ls.on('close', (code) => {
  console.log(`child process exited with code ${code}`);
});

In fact, any interaction with a native Linux service can be done this way: Node.js can call any system command, or any installed third-party software, on a Linux server.

The sword of Damocles

At that time I just thought this feature was fun and practical, and I did not study it further. It wasn't until an NPM package with more than 2 million downloads a week was injected with malicious code that I realized Node.js's child process feature is also a sword of Damocles. With weak or no security precautions it is extremely easy to abuse, and the consequences are unimaginable.

Of course, there is another sword of Damocles lurking in the background: the eval function in JavaScript. Almost any JavaScript code can be executed through eval, which is essentially a compiler that you carry around at run time. When using this function you also need to take security precautions, such as restricting any data passed in by unknown users.

Of course, attention was only paid to this while the incident was in the news.

Meeting it again, and reflecting

Recently I was working on a project that needed to do something with image files. On Linux/Mac there is a graphical image processing tool called ImageMagick, which is a Swiss Army knife of image processing. Subconsciously, I came up with the idea of using Node.js's child process functionality directly. But that implementation seemed too simple and too ad hoc.

So I went to the Node.js website to see if there were any new graphics processing features. Unfortunately, there are none! But I didn't give up and continued searching on Bing. At that point I found an article ("Usage of the Node.js image processing tool GM") that explains how to use the NPM package gm to process graphic image files in a Node.js environment.

I was pleased and thought it was an ideal solution, as the introduction to gm in that article was very clear and it looked simple to use. I started using gm without even reading the manual on the NPM website.

When I excitedly stared at the screen, watched the program start and then saw it report an exception, my mood was first disappointed, then surprised, and finally I quietly smiled. The exception was that the convert command could not be found, and convert is one of the commands under the ImageMagick tool I mentioned above. So I assumed that the gm package was actually implemented along my original lines.

To find out and test my idea, I first looked at gm's official manual on NPM. Sure enough, the very beginning of the documentation clearly states that ImageMagick needs to be installed before using the tool. So how exactly does it use ImageMagick? Let's move on.

I looked at the source code of gm. Sure enough, gm uses the cross-spawn package to execute the convert command, and the cross-spawn source code does use child_process.

So far, the whole process has been sorted out. And I was lost in thought…

As you can imagine, with this pattern, the Node.js + child_process approach, you can implement a great deal of operating system command-line functionality. Before I met gm I simply thought of it that way. It wasn't until I met gm that I realized there were actually engineers who used this model to ship tools that are widely used (gm's weekly downloads on NPM, as of this writing, are over 100,000). Sometimes programming techniques evolve so fast that every once in a while a cool new technology comes along and catches on. And sometimes programming technology iterates slowly: many technologies are clearly old wine in new bottles, yet they can still shine.

So in the computer industry, if you really love it, you should work hard at understanding the nature of technology rather than chasing new fads. The best way to obtain the key to truth is to see through to the essence.