npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@gravito/nova

v1.0.0

Published

Bun Shell orchestration engine for Gravito - type-safe shell command execution

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

carllee1983carllee1983

Keywords

gravitoshellprocessbunorchestration

Readme

@gravito/nova

Bun Shell Orchestration Engine for Gravito - Type-safe, shell-injection-resistant shell command execution.

Features

  • 🪐 Galaxy-Ready Orchestration: Seamless PlanetCore integration via OrbitNova for system-wide command execution.
  • 🛡️ Shell Injection Protection: All interpolated values are automatically escaped for maximum security.
  • 🚀 Bun Native Performance: Direct usage of Bun.spawn() for minimal overhead and memory efficiency.
  • 🛠️ Template Literal API: Type-safe shell commands with intuitive syntax.
  • 🌊 Pipeline Support: Compose multiple commands with fluent pipe operations.
  • 🐚 Safe System Bridge: The preferred choice for Orbits like Horizon and Launchpad to interact with the OS.

🌌 Role in Galaxy Architecture

In the Gravito Galaxy Architecture, Nova acts as the External Thrusters (System Interaction).

  • OS Manifestation: Allows the Galaxy to manifest its logic into the physical world (the Operating System) by executing shell commands, managing processes, and interacting with legacy binaries.
  • Trusted Bridge: Provides a secure "Bridge" that prevents user-supplied data from escaping the Galaxy's protection through shell injection attacks.
  • Satellite Automation: Powers the automation scripts and background maintenance tasks triggered by Horizon or Forge.
graph TD
    S[Satellite] -->|Run Command| Nova{Nova Thrusters}
    Nova -->|Escape| Val[Arguments Validation]
    Val -->|Execute| OS([Operating System])
    OS -->|Output| Nova
    Nova -->|Result| S

Installation

bun add @gravito/nova

Quick Start

Standalone Usage

import { Shell } from '@gravito/nova'

// Simple command execution
const result = await Shell.run`echo hello`
console.log(result.stdout) // "hello"

// Get text output directly
const text = await Shell.text`npm whoami`

// Parse JSON output
const data = await Shell.json`curl https://api.example.com/data`

// Array of lines
const lines = await Shell.run`ls -la ${directory}`.lines()

With PlanetCore

import { OrbitNova, Shell } from '@gravito/nova'
import { PlanetCore } from '@gravito/core'

const core = new PlanetCore()
core.addOrbit(new OrbitNova({ exposeAs: 'shell' }))

// In controllers
async handle(ctx: GravitoContext) {
  const result = await ctx.get('shell').run`ls -la`
}

📚 Documentation

Detailed guides and references for the Galaxy Architecture:

API

Shell

Static facade for shell command execution.

Shell.run(strings, ...values): ShellCommand

Execute a shell command with template literal syntax.

const result = await Shell.run`echo ${message}`

Shell.text(strings, ...values): Promise<string>

Execute a command and get stdout as string.

const output = await Shell.text`cat ${file}`

Shell.json<T>(strings, ...values): Promise<T>

Execute a command and parse stdout as JSON.

const data = await Shell.json`curl ${url}`

Shell.cmd(strings, ...values): ShellCommand

Create a command for use in pipelines.

const result = await Shell.pipe(
  Shell.cmd`cat ${file}`,
  Shell.cmd`grep ${pattern}`,
  Shell.cmd`head -n ${count}`
).text()

Shell.pipe(...commands): Pipeline

Create a pipeline from multiple commands.

const output = await Shell.pipe(
  Shell.cmd`cat input.txt`,
  Shell.cmd`sort`,
  Shell.cmd`uniq`
).run()

ShellCommand

Chainable command builder.

Configuration Methods

Shell.run`echo test`
  .cwd('/path/to/dir')        // Set working directory
  .env({ VAR: 'value' })      // Set environment variables
  .quiet()                     // Suppress output
  .nothrow()                   // Don't throw on error
  .timeout(5000)               // Set timeout in ms
  .run()                       // Execute

Execution Methods

const cmd = Shell.run`echo hello`

await cmd.run()               // Get ShellResult
await cmd.text()              // Get stdout as string
await cmd.lines()             // Get stdout as string[]
await cmd.json<T>()           // Parse stdout as JSON

ShellResult

interface ShellResult {
  exitCode: number       // Process exit code
  stdout: string         // Standard output
  stderr: string         // Standard error
  success: boolean       // Whether exitCode === 0
}

Errors

import { NovaError, NovaShellError } from '@gravito/nova'

try {
  await Shell.run`false`
} catch (error) {
  if (error instanceof NovaShellError) {
    console.log(error.exitCode)
    console.log(error.stdout)
    console.log(error.stderr)
  }
}

Shell Injection Protection

All interpolated values are automatically escaped:

// Safe - even with malicious input
const userInput = '$(rm -rf /)'
await Shell.run`echo ${userInput}` // Outputs literal string, not executed

Examples

File Operations

// Check if file exists
const result = await Shell.run`test -f ${filepath}`.nothrow()
const exists = result.success

// Count lines in file
const lineCount = await Shell.text`wc -l < ${filepath}`

// Find files
const files = await Shell.run`find ${dir} -name ${pattern}`.lines()

Process Management

// Get process info
const ps = await Shell.text`ps aux | grep ${processName}`

// Kill process
await Shell.run`kill ${pid}`.nothrow()

Git Operations

// Get current branch
const branch = await Shell.text`git branch --show-current`

// Get commit log
const commits = await Shell.run`git log --oneline -n ${count}`.lines()

NPM/Package Management

// Install dependencies
await Shell.run`npm install`

// Run script
const output = await Shell.text`npm run ${scriptName}`

Error Handling

By default, non-zero exit codes throw errors:

try {
  await Shell.run`command that fails`
} catch (error) {
  // Handle error
}

Suppress errors with .nothrow():

const result = await Shell.run`command that fails`.nothrow()
if (!result.success) {
  console.log(`Exit code: ${result.exitCode}`)
}

Performance

  • No dependencies: Pure Bun implementation
  • Minimal overhead: Direct Bun.spawn() usage
  • Memory efficient: Streams-based output handling
  • Type safe: Full TypeScript support with strict mode

Testing

# Run tests
bun test

# With coverage
bun test --coverage

# Type checking
bun run typecheck

License

MIT

Framework Integration

Nova is integrated into several Gravito packages:

  • @gravito/horizon - Task scheduler and cron jobs now use Nova for shell execution

    • Cleaner Process.ts implementation with automatic escaping
    • Full backward compatibility with existing ProcessResult interface

  • @gravito/launchpad - Docker container orchestration now uses Nova

    • Enhanced cache directory operations with shell injection protection
    • Docker CLI commands preserved with native spawning

Related Packages

Support

For issues and discussions, visit GitHub Issues