Version 1.2.4 of command-exists no longer works on windows. No command is found.
It worked in the 1.2.2 version

Hello,
I just noticed that in the NPM registry, the version 1.2.9 is already available, but there is no such tag in this repository, and the version number in the master branch is 1.2.8. Is there some code missing?

Hi, first of all: Thanks for your work!
I noticed the following inconsistencies between Windows and Mac/Linux:

On Mac/Linux an absolute path to an executable file returns true
e.g. /usr/bin/ssh -> true

On Windows an absolute path is not accepted:
e.g. c:\Program Files\putty\plink.exe -> false

While this just seems to be an inconsistency, the following is certainly a bug:

On Mac/Linux all directories are recognized as "existing commands":
e.g. /usr -> true

Create a file named "foo.cmd" in the current directory (this also works with .bat):

echo bar > foo.cmd

and then:

require('command-exists').sync('foo') // => true
require('child_process').spawn('foo') // =>  Uncaught Error: spawn foo ENOENT (no such file)

This is a big problem because npm install -g ... uses .cmd files to add commands (including the npm command itself).

The reason the where command on Windows finds foo.cmd is due to the PATHEXT environment variable, which contains a list of file extensions that you can execute without typing the extension, like .exe and .cmd and .bat.

I think the actual problem here is that node can't run these files (they have some docs on this), but for now this is a false positive.

The module is failing to determine 'cd' (without parameters) as a command in windows.

var commandExistsSync = require('command-exists').sync;
var cmd = 'cd';
console.log("Check for cd : "+ commandExistsSync(cmd));

Output in Windows (Node v6.17.1) :

Check for cd: false

But, cd is indeed a valid command which when used without any parameters displays the current drive and directory. Whereas, other standalone commands such as dir, pwd, ls.. tends to be recognized as valid commands.

Tested and observed this behavior on recent version of node (v14.15.0) and older versions as well ( v6.17.1 , v8.17.0 and v12.13.0).

I'm consuming command-exists as follows (only relevant code included):

import commandExists from 'command-exists';
import { promisify } from 'util';

const doesCommandExist = promisify(commandExists);

const configure = async () => {
  const isNVMInstalled = await doesCommandExist('nvm');
  const isDockerInstalled = await doesCommandExist('docker');
  console.log({ isNVMInstalled, isDockerInstalled });
};
configure();

Both are installed and usable from the command line. The output I get is:

{ isNVMInstalled: false, isDockerInstalled: true }

I'm on
MacOS Catalina 10.15.6 (19G73)
Node v12.16.3

Since the last commit, I now have the following issue: Unhandled rejection TypeError: Cannot read property 'F_OK' of undefined

It seems that you can not rely on module 'fs' to have constants on all version on nodejs

A synchronous variety would also be helpful.

I have cookiecutter installed on Windows 11, WSL2, ubuntu distro. Also have it in the $PATH.

However commandExists('cookiecutter') check does not return true, but thows error.

Is it supposed to work for the env mentioned ?

Issue: We detected vulnerable dependencies in your project by using the command “npm audit”:

npm audit report

debug <=2.6.8 || 3.0.0 - 3.0.1
Regular Expression Denial of Service - https://npmjs.com/advisories/534
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/debug
mocha 0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of diff
Depends on vulnerable versions of glob
Depends on vulnerable versions of growl
Depends on vulnerable versions of mkdirp
node_modules/mocha

diff <3.5.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1631
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/diff
mocha 0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of diff
Depends on vulnerable versions of glob
Depends on vulnerable versions of growl
Depends on vulnerable versions of mkdirp
node_modules/mocha

growl <1.10.2
Severity: critical
Command Injection - https://npmjs.com/advisories/146
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/growl
mocha 0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of diff
Depends on vulnerable versions of glob
Depends on vulnerable versions of growl
Depends on vulnerable versions of mkdirp
node_modules/mocha

lodash <=4.17.20
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1523
Command Injection - https://npmjs.com/advisories/1673
fix available via npm audit fix
node_modules/lodash

minimatch <=3.0.1
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/118
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/mocha/node_modules/minimatch
glob 3.0.0 - 5.0.14
Depends on vulnerable versions of minimatch
node_modules/mocha/node_modules/glob
mocha 0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of diff
Depends on vulnerable versions of glob
Depends on vulnerable versions of growl
Depends on vulnerable versions of mkdirp
node_modules/mocha

minimist <0.2.1 || >=1.0.0 <1.2.3
Prototype Pollution - https://npmjs.com/advisories/1179
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp
mocha 0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of diff
Depends on vulnerable versions of glob
Depends on vulnerable versions of growl
Depends on vulnerable versions of mkdirp
node_modules/mocha

9 vulnerabilities (3 low, 4 high, 2 critical)

To address issues that do not require attention, run:
npm audit fix

To address all issues (including breaking changes), run:
npm audit fix --force

Questions: We are conducting a research study on vulnerable dependencies in open-source JS projects. We are curious:

1. Will you fix the vulnerabilities mentioned above? (Yes/No), and why?:
2. Do you have any additional comments? (If so, please write it down):

For any publication or research report based on this study, we will share all responses from developers in an anonymous way. Both your projects and personal information will be kept confidential.

Description: Many popular NPM packages have been found vulnerable and may carry significant risks [1]. Developers are recommended to monitor and avoid the vulnerable versions of the library. The vulnerabilities have been identified and reported by other developers, and their descriptions are available in the npm registry [2].

Steps to reproduce:

• Go to the root folder of the project where the package.json file located
• Execute “npm audit”
• Look at the list of vulnerabilities reported

Suggested Solution: Npm has introduced the “npm audit fix” command to fix the vulnerabilities. Execute the command to apply remediation to the dependency tree.

References:
2019. 10 npm Security Best Practices. https://snyk.io/blog/ten-npm-security-best-practices/.
2021. npm-audit. https://docs.npmjs.com/cli/v7/commands/npm-audit.

$ node -e "process.exit(require('command-exists').sync('unknownfilename'))"

INFO: Could not find files for the given pattern(s).

Edit: Note, I'm on Windows.

I realise this project is probably not getting much attention at the moment which is totally fine & understandable.

I just wanted to suggest that it might benefit from taking an env option like child_process.exec does so that someone can say "does this command exist given this environment." I'm in the position of needing that at the moment and will have to look around for other options.

I guess it is both a relatively niche feature and also something that would fit quite naturally into the module?

Hi there...

I'm trying your module.. But it throws false positives when testing for a command with the same name as a folder at the testing location...

For example..

/myProject
  /myFolderName
  /anotherFolder
  /myCommand <-- folder with the same name as the command.

If I test commandExists('myCommand') inside myProject it will throw true because of the folder with the same name as the command.

For some reason on Linux if I run:

let commandExists = require('command-exists');
commandExists('scripts/script1.js').then(y=>console.log('y ',y), n=>console.log('n ', n));

It returns y event though scripts/script1.js hasn't been made executable.

Maybe this is supposed to be the expected behavior?

It's strange because if I run commandExists in node interactive mode it prints n. In a script it prints y. After retesting several different times I don't know if this is my mistake, or what.

Great repo, but it really lacks mac support.

On mac you can exec

which command_name

and it will return you the path.

I can probably do a PR if you're busy. Let me know.

I'd like to be able to do this in a package.json script:

command-exists XYZ || 'echo installing command XYZ'

Can this be done?

Unless there was an error with checking if the command exists. It would make more sense and be more idiomatic to have a resolve(true/false) rather than rejecting in the case of the command not existing. This also means you can use async/await syntax: const exists = await commandExists('the-command')