On Windows 10, I have a file called truffle.js in my current folder. I write truffle in the cmd window, expecting to invoke the truffle program which resides elsewhere on my path.

Instead, truffle.js is opened in my favorite IDE (.js files are associated with that IDE). I thought this behavior is only like this for executable files, .bat, .com and .exe. Why does it happen for a .js file?

Note: I subsequently discovered I have no truffle at all installed on my path, but my question remains: why is Windows completing the extension which I did not specify on a non-executable file?

Even after installing truffle and restarting cmd, I can't get the real truffle to run in a folder that contains a file truffle.js.

up vote 75 down vote accepted

Because %PATHEXT% is set to .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC by default. Note how it contains .js.

That means if you type a name, CMD will look for files with these extensions appended, in that order, in the current folder. Only after that will it consider what’s in %PATH%. This behavior cannot be changed. You can modify %PATHEXT% though, like any other environment variable.

  • 2
    To clarify, you mean that windows will take an input, add those file extensions to the input to see if it matches, before looking in the PATH. – TankorSmash Jun 11 at 16:22
  • 9
    Also note that OP's original logic holds - these are all executables (in some sense of the word...), some of them just happen to also be human readable. – Adonalsium Jun 11 at 19:33
  • 2
    @TankorSmash Windows, as in the CreateProcess and I think also the ShellExecute(Ex) APIs, doesn't look at PATHEXT. The extension search is only implemented within the default shells (cmd.exe and powershell.exe). That said, CreateProcess and ShellExecute(Ex) will append .exe specifically. – Bob Jun 12 at 7:02
  • 1
    @hBy2Py I didn’t say to remove it. ;) Though I don’t see much use in having it in %PATHEXT% if you don’t have .js files associated with something that runs them like WScript or CScript or whatever. – Daniel B Jun 12 at 15:16
  • 3
    @hBy2Py if an attacker has enough access to plant a file on your system and execute it, you're already screwed, no matter the file extension or the value of the %PATHEXT% environment variable. – zakinster Jun 12 at 16:40

Your Answer

 
discard

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Not the answer you're looking for? Browse other questions tagged or ask your own question.