Shell tasks

Modify read/write/execute permissions on a file or directory.

Test whether a file (or directory, or symlink) exists at a path before reading, writing, or branching script logic.

Show the differences between two text files, line by line.

Bundle a folder or set of files into a single `.zip` archive.

Copy a folder and all its contents (subdirectories + files) to a new location.

Get a count of files (excluding directories) in a folder — at depth 1 or recursively, with hidden files included or excluded.

Bundle a directory tree into a single compressed file — for backups, transport, version-snapshot, and the `dist/` artifact step in a build.

Create a uniquely-named temp file or temp directory in a system-managed scratch location.

Remove files whose last-modified time is more than 30 days ago, recursively.

See which files exist only in one directory tree, which differ, and which are identical — for verifying a backup, comparing two checkouts, or spotting accidental changes.

Unpack a `.7z` file — the highest-ratio common archive format, popular on Windows software downloads and big game/asset bundles.

Decompress a `.gz` file — single-file compression you encounter in `.tar.gz`, log rotation (`access.log.gz`), and package metadata.

Unpack a `.tar`, `.tar.gz`, or `.tar.bz2` file into the current directory.

Unpack a `.zip` file from the command line — the most common archive format on the web, and a frequent source of "how do I unzip on Windows without GUI" searches.

List symlinks whose target no longer exists — useful for post-uninstall cleanup, package-manager state, and orphaned-dotfile detection.

Identify files with identical contents across a directory tree (regardless of name) — for cleanup, deduplication, or media library audits.

Locate files matching a glob pattern (e.g. `*.log`) anywhere under the current tree.

List files exceeding a size threshold — useful for cleanup, quota enforcement, and identifying log-rotation gaps.

List every file changed in the last 24 hours, recursively from the current directory.

List every symlink under a directory tree, optionally with their targets and broken-link detection.

Identify the top N largest files under a directory tree, sorted by size.

Print the size of a file in bytes — for quotas, validation, and disk-usage scripts.

Print the last-modification timestamp of a file — useful for cache invalidation, build-system checks, and freshness validation.

Compute a cryptographic checksum (SHA-256 by default, MD5 / SHA-1 for legacy interop) of a file's bytes — for verifying downloads, deduplicating, comparing against a published manifest, or generating cache-bust keys.

Find directories with no files — useful for cleanup, build-output verification, and detecting failed extractions.

Print every file under a directory tree, optionally as a flat list of full paths.

Show what's inside a `.tar`, `.tar.gz`, `.tar.xz`, etc. without extracting — for sanity-checking before unpacking, for grep-searching member names, and for size auditing.

Find the biggest directories anywhere in a tree (not just top-level immediate children) — for tracking down where a node_modules, log dir, or build artifact bloat is hiding deep in a project.

Concatenate the contents of several files into a single output file.

Apply a rename rule (extension swap, prefix add, regex replace) to a batch of files in one shell-native pass — no GUI, no third-party tool.

See which subdirectories consume the most disk space — for "where did 50GB go" investigations or post-clean audits.

Split a single large file into smaller chunks by byte count or line count.

Follow a growing log file as new lines are appended (`tail -f`-style).

React when a file is modified — for tail-style log viewing, hot-reload tooling, or "wait until this completes" automation.

Parse a CSV (with header row) and emit an array of JSON objects keyed by header.

Strip or insert carriage returns to switch a file between Windows (CRLF, \r\n) and Unix (LF, \n) line endings.

Get the line count of one or more files, recursively or in a single command.

Count the number of whitespace-separated words in a file or piped text.

Convert a base64-encoded string back to its original bytes — for inspecting JWT payloads, decoding kubectl secret values, reading basic-auth headers, and pulling binary out of YAML / JSON configs.

Remove duplicate lines from input but KEEP the first occurrence in its original position — for unique-but-sorted-by-recency lists, `$PATH` cleanup, and history dedup.

Convert a string (or file) to its base64 representation — for HTTP basic auth headers, JWT payloads, embedded credentials in YAML, or any text-only transport of binary.

Pull a substring out of a string or a stream of input using a regex — for parsing log lines, extracting an ID from a URL, scraping a version number, or tokenizing a config.

Pull every email address out of a log file or block of text.

Substitute one string for another inside a file (or every file in a tree), in place.

Pretty-print a JSON blob from a curl response, log line, or config file — for human-readable inspection or diffing.

Take tab- or whitespace-separated text and produce aligned columns — for human-readable tables, `mount` / `df` output reformatting, and CSV pretty-printing.

Search a directory tree for a pattern and print N lines of surrounding context for each match — for code archaeology, log spelunking, or config-file forensics.

Iterate through a file one line at a time and run a command per line — for batch processing a hostnames list, replaying a SQL script line-by-line, or reacting to log lines.

Strip whitespace and indentation from a JSON file to produce the smallest valid output.

Collapse multiple spaces / tabs into single spaces and strip line-leading / trailing whitespace — for diff-friendly text, CSV cleanup, and config-file canonicalization.

Extract specific fields from a JSON blob (a curl response, kubectl output, log line) and pipe them into other shell tools — the everyday "grab the .token / .items[].name / .data.url" workflow that differs sharply from just pretty-printing.

Select one random line from a file — useful for fortune-style picks, A/B bucketing, and test sampling.

Filter the stdout of one command through a pattern matcher and print only matching lines.

Indent and format an XML document for human reading.

Strip duplicate lines from a file, optionally preserving original order.

Apply the same find-and-replace operation to a batch of files (filtered by glob, by content, or by recursion) — for renaming an API, fixing a typo across a codebase, or updating a config value.

Randomize the order of lines in a file — useful for sampling, A/B-bucketing, and test fixtures.

Sort lines of a file by the value in a chosen column (numeric or alphabetic).

Remove ESC[…m terminal color sequences from text — for clean log archives, machine-parseable output, and pasting to non-color-aware destinations.

Remove only the whitespace at the start and end of each line (preserving internal spaces) — for cleaning user input, config-file values, and form fields.

Percent-encode a string for safe inclusion in a URL query, or decode an already-percent-encoded string back to its original characters — for building API query parameters, decoding `Location:` redirect headers, and inspecting OAuth callback URLs.

Compute a date offset from another date — e.g. "30 days from today" for expiry calculations, retention windows, and rolling reports.

Add a command's output to the END of a file (creating it if missing) without erasing existing content — for incremental logs, config patches, and accumulators.

Compute the integer number of days between two calendar dates — for SLA timers, log-window queries, license-expiry math, or backfill scripts that ask "how many days have passed since X?".

Detect at runtime whether the current script was sourced into the parent shell (`. script` / `source script`) or executed in a subshell (`bash script`) — so the same file can be used both as a library and as a CLI.

Free disk space taken by downloaded `.deb` / `.rpm` / package archives the package manager keeps after install. Critical on small VMs, Docker images, and CI runners that accumulate hundreds of MB of cached archives across builds.

Delete files that git doesn't know about (build artifacts, scratch files, `.DS_Store`, `node_modules`) — the destructive sibling of `git restore`. ALWAYS dry-run first; there is no reflog recovery.

Clone only the last N commits — for CI runners, ephemeral builds, and tooling that doesn't need full git history.

Take a date / time in one timezone and print its equivalent in another — for "what time is the 3pm Tokyo meeting in New York?", server-log normalization, and any cross-region scheduling task.

Render a Unix-epoch integer (e.g. `1747396980`) as a readable date — for log inspection, file-metadata audits, and translating database timestamps.

Get the number of distinct files that differ between a reference commit (a tag, SHA, or `origin/main`) and the working tree — for CI gates and PR-size summaries.

Determine which shell (bash / zsh / fish / pwsh / cmd) is currently running — for conditional dotfile loading and script-detection scenarios.

Identify the OS name, version, and architecture from inside a shell.

Throw away local edits and reset the working tree to the last commit — the "I messed up, start over" gesture. Three subtly-different idioms (`git restore`, `git checkout --`, `git reset --hard`) cover three different scopes; picking the wrong one either keeps junk or nukes work you wanted to keep.

Make scripts fail loudly on errors — abort on the first failed command, treat unset variables as errors, and propagate pipe failures. The opposite of "fail silently and corrupt data".

Quote / escape a string so it survives word-splitting, glob expansion, and interpretation as multiple arguments — the fix for "spaces in filename break my script" and shell-injection bugs.

Use `git bisect` to binary-search the history between a known-good and known-bad commit, narrowing thousands of commits to the single guilty one in log₂(N) steps.

Given a file path on disk — typically a binary in `/usr/bin`, a library in `/usr/lib`, or a config in `/etc` — print the package that installed it. The inverse of "what files did this package install?" and the canonical way to figure out which package to upgrade, reinstall, or remove when a single file is broken.

Emit `YYYY-MM-DDTHH:MM:SS±HH:MM` (or the UTC `…Z` form) — the format every machine-readable log, JSON API, and database column should agree on.

Pick a random integer in a range — useful for sampling, sleep jitter, or simulation seeds.

Produce a strong random password from the command line — cryptographic-quality, not `$RANDOM`.

Produce a fixed-length random ASCII string — useful for tokens, slugs, file suffixes, and test fixtures.

Mint a random version-4 UUID (or, when ordering matters, a time-sortable UUIDv7) — for primary keys, idempotency tokens, request IDs, and any place a globally-unique identifier is needed without coordinating with a central allocator.

Print the current wall-clock time in UTC (not local time) — essential for log correlation across machines and any DST-safe scheduling logic.

Print the current date / time as either a Unix epoch (seconds since 1970-01-01 UTC) or an ISO 8601 string — for log lines, filenames, expiry calculations, and HTTP `Date` headers.

Print the username running the current shell or script.

Print which weekday a given date falls on — for backup-window scripts ("only run on Sunday"), log rotation, conditional CI gates ("skip the weekly job on Friday"), or `cron` replacements that need day-of-week introspection.

Print which calendar week a date falls into — for sprint planning ("we are in W20"), retention dashboards (weekly bucketing), payroll periods, and any time-series workflow that wants "year-week" as a stable key.

Print the current machine's hostname (short or FQDN).

Add a piece of software to your system from the OS-level package manager — `apt` on Debian/Ubuntu, `dnf` on Fedora/RHEL, `pacman` on Arch, `brew` on macOS, `winget`/`choco`/`scoop` on Windows. The "I need this tool, please install it" gesture.

Print every alias currently defined in the shell — for debugging "why does `ls` behave differently here" and auditing dotfiles.

Print every package installed by the OS-level package manager — for inventory, security audits, reproducing a system on another machine, or "what got pulled in as a dep that I never asked for".

Print the paths of files with uncommitted changes (staged or unstaged) — for pre-commit hooks, CI lint-only-changed gates, and "what am I about to commit".

Print files (or the full diff) of what's currently in the git index — what `git commit` will commit if you run it now.

Give a script the right permissions and shebang so you can run it directly (`./script.sh`) instead of through an interpreter (`bash script.sh`).

Combine a command's error stream with its normal output so a single pipe / file / variable captures BOTH — essential for log aggregation and CI capture.

Convert a human-readable relative-time expression ("3 days ago", "next Monday", "last quarter end") into an absolute date — for log filters, backfill ranges, scheduling, or any script that wants to accept user input the same way GitHub Actions cron does.

Take a string like `2026-05-16T14:23:00Z` and convert it to a typed date object — for filtering logs by time, computing age, or feeding into date arithmetic.

Add a directory to the FRONT of PATH so commands inside it override system equivalents — for tool-version pinning (node@18 vs system node) and local-bin priorities.

Block until the user confirms a destructive action — single-keystroke Y/N, defaulting to NO, case-insensitive, with a timeout so CI never hangs.

Pause the script, show a prompt, and capture whatever the user types — for one-off prompts, simple wizards, and "please confirm" / "please enter your password" interactions.

Capture only error output from a command, optionally merged with stdout, into a file.

Re-run a command until it succeeds or a retry cap is hit — useful for flaky network calls and CI race conditions.

Schedule a one-shot command to run at a given clock time — `at` on Unix, Task Scheduler on Windows.

Repeat a command on a fixed-interval polling loop — useful for live dashboards, healthcheck-watching, and tail-style log monitoring.

Configure a recurring scheduled task — cron on Linux, launchd on macOS, Task Scheduler on Windows.

Make an environment variable available in every NEW shell session (not just the current one) — for setting `JAVA_HOME`, adding to `PATH`, configuring API tokens for daily-use scripts.

Compare two branches' code — for code review, "what did this feature change?" inspection, or merge-conflict preview. The two-dot vs three-dot syntax distinction silently changes what the diff INCLUDES.

List the environment variables visible to the current shell — for debugging "why isn't $FOO set", auditing what subprocesses will inherit, and discovering platform-injected variables (`$HOME`, `$PATH`, `$PSModulePath`).

Render the commit DAG as an ASCII graph so branch topology — merges, forks, fast-forwards, and orphan tips — is visible at a glance, instead of the default linear `git log` that hides every parallel branch.

Print the name of the branch HEAD points at — used in shell prompts, CI build labels, and "deploy what's on the branch" scripts.

Print where on the filesystem a command resolves to — for debugging PATH issues, version mismatches, and "which python is this".

Load variables from a `.env`-style file into the current shell session — for project-specific secrets, dev-mode flags, and tool-version locks.

Discard a command's error output (without affecting stdout or exit code) — for noisy tools whose warnings clutter scripts and CI logs.

Write a command's stdout to a file AND echo it to the terminal in one pass — for logged-but-watchable installer / build / CI runs.

Measure the wall-clock (and optionally CPU / RSS) time of a single command run, for ad-hoc perf checks or regression testing.

Apply available updates to every package currently installed — bring the system to the latest patch level for the OS package manager. The "make this box current" gesture: critical for security baselines, CI base-image refresh, and recovering a stale dev machine.

Treat a command's output as a file argument to another command — e.g. `diff <(sort a) <(sort b)` — without manual tempfile management.

Read the stdout/stderr of an already-running process you did not launch — for debugging daemons, observing what a frozen-looking job is doing, and tailing logs that weren't redirected at start.

Show free and used space per filesystem (or per drive) in a human-readable form.

Report how many processes are alive — useful for load testing, capacity baselining, or detecting fork-bomb / runaway-parallelism conditions.

Locate which PIDs have a specific directory as their CWD — for unmounting a busy filesystem, debugging "device busy" errors, or auditing what is running out of a particular path.

Look up the PID(s) of a running process given its executable name — the lookup that precedes most kill / signal / inspect operations.

List the top CPU-consuming processes — useful for performance triage, runaway-script detection, and capacity planning.

Find the wall-clock age of a process — how long ago it started — for debugging stuck daemons, validating a recent restart, or pinning a leak to "this process has been up for 47 days".

Read the RAM footprint of one running PID — RSS, virtual size, or proportional share — for sizing investigations, leak hunts, and "is this process growing" longitudinal checks.

Terminate every running process whose executable matches a given name.

Terminate every process owned by a given user — useful for forced logout, cleanup, and runaway-session containment.

Find and terminate whatever process is bound to a TCP/UDP port — the answer to "address already in use" when a previous run did not release the socket.

Find defunct child processes whose parent forgot to `wait()` for them — the classic "Z" state — for triaging fork-bomb-like leaks, badly-written supervisors, and PID-table exhaustion incidents.

Watch CPU and memory utilisation continuously from a shell — for triage, capacity planning, and detecting transient spikes that a one-shot ps would miss.

Stop and re-launch a running process — useful for picking up config changes, recovering from leaks, and orchestrated reloads.

Detach a process from the controlling terminal and any parent shell — so it keeps running after logout, SSH disconnect, or terminal close.

Execute a command under another user's identity — for testing service accounts, accessing other users' files, and running as root.

Launch a long-running command without blocking the current shell session.

Auto-execute a build / test / reload step the moment a watched file is saved — the dev-loop primitive behind every "live-reload" tool, without committing to a specific framework.

Kill a command if it has not finished within N seconds — the standard hedge against hung network calls, runaway scripts, and tests that should never block forever.

Execute several commands concurrently and wait for them all — useful for batch downloads, fan-out tasks, and CI test sharding.

Deliver a specific Unix signal to a process — useful for graceful shutdown, config reload, and triggered behaviour.

Run a CPU-hungry job at lower priority so it does not steal cycles from interactive work — or, conversely, give a latency-sensitive job a priority boost.

Display how long the system has been running since the last boot.

Render the parent/child relationships between running processes — useful for tracing rogue children, debugging fork bombs, and understanding shell-spawned subprocess chains.

Identify which running processes consume the most RAM — for debugging memory pressure, leak hunts, or "what is eating my laptop".

Block until a given process exits — useful for sequencing, dependency-management scripts, and orchestrated shutdowns.

Verify that an SSH host is reachable, key auth works, and the server is responsive — without actually opening a shell or running a payload command. The canonical "is the box up + is my key configured" health-check used in deploy scripts and CI preflight.

Test whether a URL returns 2xx/3xx — useful for healthchecks, wait-for-it scripts, and CI smoke tests.

Print the notBefore / notAfter dates of a remote site's TLS certificate (or a local .pem file).

Authenticate to a remote host with a private key file (instead of a password), with the right file permissions and an optional config alias.

Move one or more files between your local machine and a remote host over an SSH-encrypted channel — the standard `scp` / `rsync` / `pscp` operation. The canonical "deploy this build artifact" or "pull these logs back for inspection" gesture.

Forward a local port through an SSH bastion to a remote service (or vice versa).

Save a remote file to disk via HTTP/HTTPS, with progress and resume where supported.

List every TCP / UDP port currently accepting connections on the local host — for security audits ("what is exposed?"), firewall rule verification, troubleshooting "address already in use" errors, and inventory of running services.

Identify the PID and process name bound to a local TCP/UDP port — for debugging "address already in use" errors, auditing what's exposed, and killing a zombie server holding port 3000.

Wipe the local DNS resolver cache — so a freshly-changed record actually resolves to the new IP instead of the stale one.

Print the redirect chain (301/302/303/307/308 hops) from a starting URL to its final 2xx destination.

Tunnel TCP traffic from a port on your local machine to a service reachable from the remote SSH host — bypass NAT, expose an internal database to your laptop, route browser traffic through a jump host, etc. The canonical "ssh -L 5432:localhost:5432 bastion" pattern used to reach private services without VPNing.

Inspect just the response headers of a URL — useful for debugging redirects, caching, CORS, and TLS.

Find the IPv4 address your machine is using on the local network — for sharing dev servers, configuring peers, and debugging "why can't my phone reach my laptop".

Print the hardware (link-layer) address of one or all network interfaces — for license-binding, WoL setup, DHCP reservation matching, inventory audits, or diagnosing why a switch port shows an unexpected device.

Discover the IPv4 (or IPv6) address that the rest of the internet sees you originating from — for opening a firewall rule, debugging "why does this geo-blocked service reject me", checking whether a VPN / proxy is actually engaged, or seeding a DDNS update.

Resolve a hostname (e.g. example.com) to its A / AAAA record from the shell.

Extract individual pieces of a URL (scheme, userinfo, host, port, path, query, fragment) — for log parsing, building tooling that rewrites endpoints, splitting connection strings, or generating routing tables from a manifest.

Execute a single command on a remote host over SSH without opening an interactive shell — capture its stdout/stderr/exit-code on the local side. The canonical "ssh user@host 'systemctl status nginx'" gesture used in deploy scripts, CI, and ad-hoc remote inspection.

Check which TCP/UDP ports are open on a target host — for service discovery, firewall validation, post-deploy "is the new server reachable?" smoke tests, or troubleshooting connectivity ahead of an SSH/HTTP call that's timing out.

POST a JSON body (or form fields, or a file) to a URL and capture the response.

Push arbitrary bytes (an HTTP request, a SMTP greeting, a custom protocol probe) to a remote TCP port and inspect the reply — for debugging service compatibility, capturing banners, reproducing protocol-level bugs, or scripting integrations with text-based protocols.

Spin up a throwaway HTTP server that exposes the current directory — for ad-hoc file sharing, local QA, and sending a static build over your LAN.

Generate a local SSH key pair and install the public half on a remote host so subsequent SSH/SCP/rsync sessions authenticate without typing a password. The standard onboarding step for any developer touching remote machines.

Confirm whether you can open a TCP socket to host:port — the basic "is this thing reachable" check before debugging deeper protocol issues.

Check whether a remote (or local) TCP port is accepting connections — for service health checks, firewall debugging, or pre-flight validation in scripts.

Map the network path to a destination — for diagnosing latency spikes, ISP-level routing problems, and "where exactly is this packet getting dropped".

Reassign a file's group — for granting team-wide read/write via group permissions, for matching a service account's primary group, or for fixing post-clone permissions where the working tree is owned by the wrong group.

Reassign a file or directory to a different user (and optionally group) — for fixing permission errors after copying files between users, after extracting tarballs as root, or when handing data over to a service account.

Search a directory tree for files matching specific permission bits — world-writable files for a security audit, SUID/SGID binaries for a post-CVE sweep, or files with exactly `0644` to verify a deployment.

Apply a single permission change to a directory and every file underneath — for locking down a freshly-extracted tarball, undoing world-writable mistakes, or normalizing permissions on a copied directory.

Inspect the full access-control list of a file — beyond the POSIX nine-bit `rwxrwxrwx` mode — to see per-user / per-group grants, the ACL mask, default (inherited) ACLs, and the audit (SACL) entries that `ls -l` will not show.