Security News
Vite+ Joins the Push to Consolidate JavaScript Tooling
Evan You announces Vite+, a commercial, Rust-powered toolchain built on the Vite ecosystem to unify JavaScript development and fund open source.
By Sarah Gooding - Oct 15, 2025
Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More →
@akryum/winattr
Advanced tools
winattr 
Foolproof Windows® file attributes for Node.js
Get and set:
archivehiddenreadonlysystem
… on files and/or directories.
A native binding is used, offering great performance. As a contingency in case that fails, functionality will silently revert to a command line, though it is considerably slower.
Installation
It may go without saying, but this library is not intended to run on anything other than Windows.
Node.js >= 4 is required. To install, type this at the command line:
npm install @akryum/winattr
Or:
yarn add @akryum/winattr
Usage
get(path, callback)
path - Path to file or directory
callback(err,attrs) - A callback which is called upon completion
winattr.get("path/to/file.ext", function(err, attrs) {
if (err == null) console.log(attrs);
});
If you omit the callback, a Promise will be return instead.
getSync(path)
path - Path to file or directory
Returns an Object or throws an error if the file or dir cannot be found/accessed.
var attrs = winattr.getSync("path/to/file.ext");
console.log(attrs);
set(path, attrs, callback)
path - Path to file or directory
attrs - An object containing attributes to change
callback(err) - A callback which is called upon completion
winattr.set("path/to/folder/", {readonly:true}, function(err) {
if (err == null) console.log("success");
});
If you omit the callback, a Promise will be return instead.
setSync(path, attrs)
path - Path to file or directory
attrs - An object containing attributes to change
Throws an error if the file or dir cannot be found/accessed.
winattr.setSync("path/to/folder/", {readonly:true});
v3.0.0
Fixed:
- Folder support on non-english OS
New:
getandsetreturn a Promise if no callback is provided.
Previous versions
- 2.0.0 removed support for Node.js v0.10 and v0.12
- 1.1.0 added binding support to Node.js v4
- 1.0.0
- added
getSync(),setSync() - removed
useExec(),useNative() - uses binding by default, with auto-fallback to shell
- added
- 0.2.3 specify which script engine to use in
useExec()"mode" - 0.2.2 switched from
fswin.find()tofswin.getAttributes()now that it's available, tested non-existent files - 0.2.1 nearly pointless fix
- 0.2.0 added fswin,
useExec(),useNative() - 0.1.2 tested on Windows
- 0.1.1 package.json optimization
- 0.1.0 initial release
FAQs
Foolproof Windows® file attributes.
We found that @akryum/winattr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Jun 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute
Ruby Central’s incident report on the RubyGems.org access dispute sparks backlash from former maintainers and renewed debate over project governance.
By Sarah Gooding - Oct 14, 2025
Research
/Security News
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
By Olivia Brown - Oct 11, 2025