Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
node-ftp is an FTP client module for node.js that provides an asynchronous interface for communicating with an FTP server.
```sh
npm install ftp
```
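```javascript
// Get a directory listing of the current (remote) working directory
var Client = require('ftp');

var c = new Client();
// 'ready' fires once connection and authentication have succeeded
c.on('ready', function() {
  c.list(function(err, list) {
    if (err) throw err;
    console.dir(list);
    c.end();
  });
});
// connect to localhost:21 as anonymous
c.connect();
```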
```javascript
// Download remote file 'foo.txt' and save it to the local file system
var Client = require('ftp');
var fs = require('fs');

var c = new Client();
c.on('ready', function() {
  c.get('foo.txt', function(err, stream) {
    if (err) throw err;
    // close the FTP connection once the download stream has finished
    stream.once('close', function() { c.end(); });
    stream.pipe(fs.createWriteStream('foo.local-copy.txt'));
  });
});
// connect to localhost:21 as anonymous
c.connect();
```
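```javascript
// Upload local file 'foo.txt' to the server as 'foo.remote-copy.txt'
var Client = require('ftp');

var c = new Client();
c.on('ready', function() {
  // put() accepts a local file path, so no separate read stream is needed
  c.put('foo.txt', 'foo.remote-copy.txt', function(err) {
    if (err) throw err;
    c.end();
  });
});
// connect to localhost:21 as anonymous
c.connect();
```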
* greeting(< string >msg) - Emitted after connection. `msg` is the text the server sent upon connection.
* ready() - Emitted when connection and authentication were successful.
* close(< boolean >hadErr) - Emitted when the connection has fully closed.
* end() - Emitted when the connection has ended.
* error(< Error >err) - Emitted when an error occurs. In case of protocol-level errors, `err` contains a 'code' property that references the related 3-digit FTP response code.

Note: As with the 'error' event, any error objects passed to callbacks will have a 'code' property for protocol-level errors.

* (constructor)() - Creates and returns a new FTP client instance.
* connect(< object >config) - (void) - Connects to an FTP server. Valid config properties:
    * host - string - The hostname or IP address of the FTP server. Default: 'localhost'
    * port - integer - The port of the FTP server. Default: 21
    * secure - mixed - Set to true for both control and data connection encryption, 'control' for control connection encryption only, or 'implicit' for implicitly encrypted control connection (this mode is deprecated in modern times, but usually uses port 990). Default: false
    * secureOptions - object - Additional options to be passed to `tls.connect()`. Default: (none)
    * user - string - Username for authentication. Default: 'anonymous'
    * password - string - Password for authentication. Default: 'anonymous@'
    * connTimeout - integer - How long (in milliseconds) to wait for the control connection to be established. Default: 10000
    * pasvTimeout - integer - How long (in milliseconds) to wait for a PASV data connection to be established. Default: 10000
    * keepalive - integer - How often (in milliseconds) to send a 'dummy' (NOOP) command to keep the connection alive. Default: 10000
* end() - (void) - Closes the connection to the server after any/all enqueued commands have been executed.
* destroy() - (void) - Closes the connection to the server immediately.
* list([< string >path, ][< boolean >useCompression, ]< function >callback) - (void) - Retrieves the directory listing of `path`. `path` defaults to the current working directory. `useCompression` defaults to false. `callback` has 2 parameters: < Error >err, < array >list. `list` is an array of objects with these properties:
    * type - _string_ - A single character denoting the entry type: 'd' for directory, '-' for file (or 'l' for symlink on **\*NIX only**).
    * name - _string_ - The name of the entry.
    * size - _string_ - The size of the entry in bytes.
    * date - _Date_ - The last modified date of the entry.
    * rights - _object_ - The various permissions for this entry **(\*NIX only)**.
        * user - _string_ - An empty string or any combination of 'r', 'w', 'x'.
        * group - _string_ - An empty string or any combination of 'r', 'w', 'x'.
        * other - _string_ - An empty string or any combination of 'r', 'w', 'x'.
    * owner - _string_ - The user name or ID that this entry belongs to **(\*NIX only)**.
    * group - _string_ - The group name or ID that this entry belongs to **(\*NIX only)**.
    * target - _string_ - For symlink entries, this is the symlink's target **(\*NIX only)**.
    * sticky - _boolean_ - True if the sticky bit is set for this entry **(\*NIX only)**.
* get(< string >path, [< boolean >useCompression, ]< function >callback) - (void) - Retrieves a file at `path` from the server. `useCompression` defaults to false. `callback` has 2 parameters: < Error >err, < ReadableStream >fileStream.
* put(< mixed >input, < string >destPath, [< boolean >useCompression, ]< function >callback) - (void) - Sends data to the server to be stored as `destPath`. `input` can be a ReadableStream, a Buffer, or a path to a local file. `useCompression` defaults to false. `callback` has 1 parameter: < Error >err.
* append(< mixed >input, < string >destPath, [< boolean >useCompression, ]< function >callback) - (void) - Same as put(), except if `destPath` already exists, it will be appended to instead of overwritten.
* rename(< string >oldPath, < string >newPath, < function >callback) - (void) - Renames `oldPath` to `newPath` on the server. `callback` has 1 parameter: < Error >err.
* logout(< function >callback) - (void) - Logout the user from the server. `callback` has 1 parameter: < Error >err.
* delete(< string >path, < function >callback) - (void) - Deletes a file, `path`, on the server. `callback` has 1 parameter: < Error >err.
* cwd(< string >path, < function >callback) - (void) - Changes the current working directory to `path`. `callback` has 2 parameters: < Error >err, < string >currentDir. Note: `currentDir` is only given if the server replies with the path in the response text.
* abort(< function >callback) - (void) - Aborts the current data transfer (e.g. from get(), put(), or list()). `callback` has 1 parameter: < Error >err.
* site(< string >command, < function >callback) - (void) - Sends `command` (e.g. 'CHMOD 755 foo', 'QUOTA') using SITE. `callback` has 3 parameters: < Error >err, < string >responseText, < integer >responseCode.
* status(< function >callback) - (void) - Retrieves human-readable information about the server's status. `callback` has 2 parameters: < Error >err, < string >status.
* ascii(< function >callback) - (void) - Sets the transfer data type to ASCII. `callback` has 1 parameter: < Error >err.
* binary(< function >callback) - (void) - Sets the transfer data type to binary (default at time of connection). `callback` has 1 parameter: < Error >err.
* mkdir(< string >path, [< boolean >recursive, ]< function >callback) - (void) - Creates a new directory, `path`, on the server. `recursive` is for enabling a 'mkdir -p' algorithm and defaults to false. `callback` has 1 parameter: < Error >err.
* rmdir(< string >path, [< boolean >recursive, ]< function >callback) - (void) - Removes a directory, `path`, on the server. If `recursive`, this call will delete the contents of the directory if it is not empty. `callback` has 1 parameter: < Error >err.
* cdup(< function >callback) - (void) - Changes the working directory to the parent of the current directory. `callback` has 1 parameter: < Error >err.
* pwd(< function >callback) - (void) - Retrieves the current working directory. `callback` has 2 parameters: < Error >err, < string >cwd.
* system(< function >callback) - (void) - Retrieves the server's operating system. `callback` has 2 parameters: < Error >err, < string >OS.
* listSafe([< string >path, ][< boolean >useCompression, ]< function >callback) - (void) - Similar to list(), except the directory is temporarily changed to `path` to retrieve the directory listing. This is useful for servers that do not handle characters like spaces and quotes in directory names well for the LIST command. This function is "optional" because it relies on pwd() being available.
* size(< string >path, < function >callback) - (void) - Retrieves the size of `path`. `callback` has 2 parameters: < Error >err, < integer >numBytes.
* lastMod(< string >path, < function >callback) - (void) - Retrieves the last modified date and time for `path`. `callback` has 2 parameters: < Error >err, < Date >lastModified.
* restart(< integer >byteOffset, < function >callback) - (void) - Sets the file byte offset for the next file transfer action (get/put) to `byteOffset`. `callback` has 1 parameter: < Error >err.
FAQs
WebJar for ftp
We found that org.webjars.npm:ftp demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.