I'm interested in this module; for portability I require Windows support.

I'll add it and send a pull request. :)

Keep "node" and "8" engine targets for future-proof-ness.

Using a basic script as this one:

var virtualbox=require('virtualbox');
virtualbox.list(function(machines, error) {
  if (error) throw error;
  console.dir(machines);
});

Should output something like:

[2014-06-09 22:33:37.822] [INFO] VirtualBox - Listing VMs
{ 'ae5f532a-4de0-4ab7-a967-c42293447c14': { name: 'Ubuntu', running: false },
  '3451fae4-7e7c-4d75-ac4e-7af9c901cf1a': { name: 'Windows', running: false } }

Instead, I have the following error:

[2014-06-09 22:27:52.126] [INFO] VirtualBox - Listing VMs

C:\Users\C├®dric\Desktop\node_modules\virtualbox\lib\virtualbox.js:95
      if (arrMatches.length === 3) {
                    ^
TypeError: Cannot read property 'length' of null
    at parse_listdata (C:\Users\C├®dric\Desktop\node_modules\virtualbox\lib\virtualbox.js:95:21)
    at C:\Users\C├®dric\Desktop\node_modules\virtualbox\lib\virtualbox.js:67:18
    at C:\Users\C├®dric\Desktop\node_modules\virtualbox\lib\virtualbox.js:42:5
    at ChildProcess.exithandler (child_process.js:645:7)
    at ChildProcess.EventEmitter.emit (events.js:98:17)
    at maybeClose (child_process.js:753:16)
    at Process.ChildProcess._handle.onexit (child_process.js:820:5)

It seems that there is a little problem with list data parsing.

vmExec() assumes a windows host, but it might not be.

I'm using your "virtualbox" package (v0.1.0) on Windows 8.1 with Node.js 0.10.28 and VirtualBox 4.3.12r93733.
A simple script as this one always fails:

var virtualbox=require('virtualbox');
virtualbox.list(function(machines, error) {
  if (error) throw error;
  console.dir(machines);
});

With this error message:

Error: Command failed: 'vboxmanage' n'est pas reconnu en tant que commande interne
ou externe, un programme exécutable ou un fichier de commandes.

    at ChildProcess.exithandler (child_process.js:647:15)
    at ChildProcess.EventEmitter.emit (events.js:98:17)
    at maybeClose (child_process.js:753:16)
    at Process.ChildProcess._handle.onexit (child_process.js:820:5)

The message is in French, but the issue is clear: "VBoxManage.exe" was not found.

Because vboxmanage (for whatever reason) sends the state-saving "0%...10%...90%...100%" message to stderr, the command function will always throw an error when stopping a virtual machine.

We need to publish the new version of virtualbox lib. I don't have permission on the publish so @michaelsanford should publish.

@michaelsanford do you use tj's debug? it's pretty handy, we can replace the logging with it

Need a license

Organizations often have legal requirements mandating license compliance for open-source software usage.

We should agree on a license, and:

• attach it to the package.json; and
• include the complete license in a LICENSE or LICENSE.md file

License Proposal

I propose the MIT or the BSD ISC license (comparison).

My personal take is that this npm should be:

• as widely- and freely-usable as possible,
• including closed-source commercial products (without forcing them to become open-source),
• with as little restriction as possible, and
• not hold the developers and contributors liable in case anything goes wrong.

The MIT license is used in virtually all node modules I have come across, with very few exceptions.

Discuss? @azer It's your baby, so ultimately your decision, I think.

If you choose one, I can implement it. (I've done about 40 pull requests for that for other projects in the last month…)

Some improperly configured systems may not allow for execFile to work flawlessly every time. It would be nice to allow users to customize the behavior/underlying mechanism to execute VBoxManage. A constructor argument should suffice.

I wanted to ask the folks here if they would be interested in moving the codebase to Typescript. This would buy us a pre-runtime type check in addition to the linting already available. I also wanted to ask if this is viable with the current Node version (0.12 and newer, from travis.yml file, not sure if accurate 🤷‍♂️) we are targeting.

I would also like to set up some unit and integration tests for the API before I start making many more changes. I'm going to install mocha, chai, and sinon as tools to help out. Is that cool with everyone here?

This would be great, to have a configuration option to suppress any logger output. 🥰

[2020-05-16 01:47:10.448] [INFO] VirtualBox - Virtualbox version detected as 5

You're using an old log4js version, this makes it hard to set the logLvele() within peerDependencies.

I like this module!

I noticed that Travis is testing against nodejs 0.12.x which is a bit ridiculous.

I think the "previous 5" NodeJS engines are amply sufficient.

Vulnerabilities

DepShield reports that this application's usage of lodash.flattendeep:4.4.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.flattendeep:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• nodeunit:0.11.3
        └─ tap:12.5.3
              └─ nyc:13.3.0
                    └─ caching-transform:3.0.1
                          └─ package-hash:3.0.0
                                └─ lodash.flattendeep:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

• Validate against jshint and add a .jshintrc
• And add global strict mode
• Ask npm test (at least for the time being) to jshint /lib and /test

Update the following two dependencies:

log4js  0.x  →  1.x 
async  ^2.1.2  →  ^2.1.4

It would be great to have snapshot support in the module, so that it could be used for backup tasks, too.
Any chance to get snapshotList, snapshotCreate, and snapshotDelete methods?

This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Vulnerability Description

The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/Node-Virtualization/node-virtualbox/blob/master/lib/virtualbox.js#L58

Steps To Reproduce:

1. Create the following PoC file:

// poc.js
var virtualbox = require('virtualbox');
virtualbox.start('machine_name"; touch HACKED; # ', true, function start_callback(error) {
  if (error) throw error;
  console.log("Virtual Machine has started WITH A GUI!");
});

2. Check there aren't files called HACKED
3. Execute the following commands in another terminal:

npm i virtualbox # Install affected module
node poc.js #  Run the PoC

4. Recheck the files: now HACKED has been created

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

The README needs better API documentation with clear examples of each method, its parameters, limitations and caveats.

e.g., request

VirtualBox 5.0 now supports encrypted virtual disk images, which non-trivially complicates launch of headless VMs:

9.31.3. Starting a VM with encrypted images

When a VM is started using the GUI, a dialog will open where the user needs to enter all passwords for all encrypted images attached to the VM. If another frontend like VBoxHeadless is used, the VM will be paused as soon as the guest tries to access an encrypted disk. The user needs to provide the passwords through VBoxManage using the following command:

VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]

To be implemented properly, this feature should be event-driven (or at least poll on a timer), waiting for the machine to pause and ask for a password and then providing one.

The matter of what to do about handling the machine's password is open, see #25.

Problem Context

VirtualBox 5.0 now supports encrypted virtual disk images, which non-trivially complicates launch of headless VMs (see #24).

There does not appear to be a method for bypassing our module and passing passwords as, say, environment variables directly to VirtualBox. This means that node-virtualbox will have to handle them in order to control an encrypted VM.

The problem of what to do about the virtual machine passwords is non-trivial. Ideally, I'd like not to handle them at all. I'm devoted to maintaining the trust of the community; being open source, we can demonstrate our eventual implementation.

Possible Solutions

1. Read environment variable from process.env.VARNAME that the user has passed to their application and simply pass it along in memory to controlvm. It could follow some naming convention that allows us to determine which VM it belongs to without worrying about storing a mapping.

The user should be allowed more control over power states. I propose exporting these as well, for flexibility:

• poweroff
• acpipowerbutton
• acpisleepbutton

(Notably, it is not currently possible to power off a virtual machine.)

In addition to the currently-supported:

• savestate (currently == "stop")
• resume
• pause
• reset

Add a david-dm badge to the README.

Currently:

I'm in favour of adopting the contributor covenant.

I'll leave it open to public discussion.

Please react 👍 / 👎 to this post, or add a text comment if you have something specific to say.

I wonder if i'ts possible to add support for detachable start of VMs. That would help very much in automated testing environments that need a clean machine for each test. I don't see any way to do it now with node-virtualbox.

I'm using version 5.1.22r115126 of VBoxManage on Windows 10.

When I try to run snapshotList for my VMs, I get an error object if there are no snapshot for a VM, but if there are snapshots, the returned array is empty, and the UUID is undefined.

If I try to get the snapshots from the CLI (using "C:\Program Files\Oracle\VirtualBox\\VBoxManage.exe" snapshot "2e996f4f-ca83-4e0f-bf7d-fd8d3d8c93e3" list --machinereadable) I get the following output:

SnapshotName="Istantanea 1"
SnapshotUUID="c3dee892-28f7-475a-ba8a-bac2b98cfac8"
CurrentSnapshotName="Istantanea 1"
CurrentSnapshotUUID="c3dee892-28f7-475a-ba8a-bac2b98cfac8"
CurrentSnapshotNode="SnapshotName"

Hi @colonelpopcorn !

Pursuant to you assembling and hopefully publishing release/1.0.1 and to the access granted from #69, could you please enable 2FA on your npmjs.com account?

Thank you for carrying the torch. 👍

Since we've removed explicit support for versions of node <10, we can tap into the native Promise API to handle our system calls.

Guys, thank you for your work.
I'm working on VirtualBox extension for VSCode and I want to show OS name next to VM name like on SS below.

But instead of just "windows" I want to show "Windows 10 (64-bit)",
instead of "mac" - "Mac OS X (64-bit)"

For this purpose, I need method to perform this command and get all properties as object.

VBoxManage.exe showvminfo -machinereadable "Mac OS machine"

I mean next structure should be converted to next JS object

name="Mac OS machine"
groups="/"
ostype="Mac OS X (64-bit)"
...

{
    name: "Mac OS machine",
    groups: "/",
    ostype: "Mac OS X (64-bit)",
    ...
}

I would appreciate if somebody take care about it.

Investigate and fix any relevant Travis CI build configuration issues to ensure the results from Travis are reliable.

Blocks #37 🚫 ☹️

the functions below in virtualbox.js, could allow for a user to inject additional commands with the cmd variable (ex: "; pwd") resulting in remote command execution assuming this was public facing.

function vboxcontrol(cmd, callback) {
  command('VBoxControl ' + cmd, callback);
}

function vboxmanage(cmd, callback) {
  command(vBoxManageBinary + cmd, callback);
}

Hi! Thank you for this package.

In version 0.1.3.

TypeError: virtualbox.snapshotRestore is not a function

It is right.
But in master this function is existing.

How you can see on SS, I have created MacOs virtual machine. But code on line 432 doesn't work correctly because there is a space in the name.

I noticed build failures purely from ES6 rules which can probably safely be updated, especially given #74 .

It seems that a recent modification broke the build, because of a call to an out-of-scope getOSTypeCallback?

That should probably be fixed before publishing 1.0.1 to npm.

Links

• #75 (which also caused a build problem)
• #69

Hi,

Reading the source it seems, only one instance can be run simultaneously ?
Is it a limitation if vbox ?

Also, i was looking at exec, it won t give access to stdout / stderr / stdin.
Is it a limitation of vbox ?

I m especially looking for windows support.

I d like to spawn some process on the remote and get their standard input/output to process them.
I have poor knowledge of virtualbox, for the moment, i hope you can give me some input about what it can do or not.

Get with the times: shall we replace all those callbacks with promises?

Change

"repository": {
    "type": "git",
    "url": "http://github.com/azer/node-virtualbox.git"
  },

to

"repository": {
    "type": "git",
    "url": "https://github.com/Node-Virtualization/node-virtualbox.git"
  },

I have an error, specified as an issue title, while trying to run tests using this package. After some "googling" I've found an info, that 'execute' command has been depricated and suggestion to use 'run' instead:
http://stackoverflow.com/questions/33471119/unknown-sub-command-execute-when-using-guestcontrol-option

There is some incoherence in returning api methods between master branch and latest tag v0.1.3 (for the moment of writing).

Missing methods snapshotRestore & isRunning

Creating new tag version according to master & update npm packages should resolve the problem.

I am having an issue, and I know the reason why it's happening, but I am unsure if there is a way to solve it.

When I issue a virtualbox.start(vm_name, cb) the callback is getting executed before the VM has fully booted. When I try to execute a command in said VM, it fails as it is not ready for commands. I've "solved" this issue by adding a setTimeout but it feels very hacky. Is there any way to long-poll the VM and query if it's actually ready to accept commands?

Thanks!

The documentation defines the usage of keyboardputscancode as such:

var sequence = [
  { key: 'SHIFT', type: 'make',  code: SCAN_CODES['SHIFT']},
  { key: 'A',     type: 'make',  code: SCAN_CODES['A']},
  { key: 'SHIFT', type: 'break', code: SCAN_CODES.getBreakCode('SHIFT')},
  { key: 'A',     type: 'break', code: SCAN_CODES.getBreakCode('A')}
];
virtualbox.keyboardputscancode("machine_name", sequence, function keyscan_callback(err) {
    if (error) throw error;
    console.log('Sent SHIFT A');
});

But it throws an error:

VBoxManage: error: Error '[object' is not a hex byte!

To reflect the way scan-codes.js works, I think the example should be instead:

var sequence = [
  SCAN_CODES['SHIFT'][0],
  SCAN_CODES['A'][0],
  SCAN_CODES.getBreakCode('SHIFT')[0],
  SCAN_CODES.getBreakCode('A')[0]
];

Without thoughtlessly getting on the something-CI bandwagon, it looks like we might like to add more inline documentation. This would also allow us to programatically generate APIdoc without having to manually maintain our huge README.

e.g., http://inch-ci.org/github/Node-Virtualization/node-virtualbox/branch/master/suggestions

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• jshint:2.9.6
        └─ phantomjs-prebuilt:2.1.16
              └─ extract-zip:1.6.7
                    └─ debug:2.6.9

• nodeunit:0.11.3
        └─ tap:12.5.3
              └─ tap-mocha-reporter:3.0.7
                    └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Would anyone be interested in having functionality for remote SSH management added? A project I am working on involves doing this with multiple VirtualBox hosts, so this would require a way to to call a different exec function. To avoid having to specify this for each function call, I would probably make a class whose methods delegate execution to a particular function. This can be done without adding SSH-specific dependencies to the package by letting the class just accept an alternate execution function as an optional argument.

vboxmanage import/export feature needed. Thank you

I'm looking for a new maintainer to take over node-virtualbox.

Please join the discussion here!

heyy @michaelsanford

would you like to move this repo to an organization, since you've been contributing it a lot more than me ?

my github account can be gone or something in the future, so, we better keep it under your hands!

github has good support for renaming, all links will keep working!