Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@icetee/ftp
Advanced tools
node-ftp is an FTP client module for node.js that provides an asynchronous interface for communicating with an FTP server.
npm install ftp
var Client = require('ftp');
var c = new Client();
c.on('ready', function() {
c.list(function(err, list) {
if (err) throw err;
console.dir(list);
c.end();
});
});
// connect to localhost:21 as anonymous
c.connect();
var Client = require('ftp');
var fs = require('fs');
var c = new Client();
c.on('ready', function() {
c.get('foo.txt', function(err, stream) {
if (err) throw err;
stream.once('close', function() { c.end(); });
stream.pipe(fs.createWriteStream('foo.local-copy.txt'));
});
});
// connect to localhost:21 as anonymous
c.connect();
var Client = require('ftp');
var fs = require('fs');
var c = new Client();
c.on('ready', function() {
c.put('foo.txt', 'foo.remote-copy.txt', function(err) {
if (err) throw err;
c.end();
});
});
// connect to localhost:21 as anonymous
c.connect();
greeting(< string >msg) - Emitted after connection. msg
is the text the server sent upon connection.
ready() - Emitted when connection and authentication were sucessful.
close(< boolean >hadErr) - Emitted when the connection has fully closed.
end() - Emitted when the connection has ended.
error(< Error >err) - Emitted when an error occurs. In case of protocol-level errors, err
contains a 'code' property that references the related 3-digit FTP response code.
* Note: As with the 'error' event, any error objects passed to callbacks will have a 'code' property for protocol-level errors.
(constructor)() - Creates and returns a new FTP client instance.
connect(< object >config) - (void) - Connects to an FTP server. Valid config properties:
host - string - The hostname or IP address of the FTP server. Default: 'localhost'
port - integer - The port of the FTP server. Default: 21
secure - mixed - Set to true for both control and data connection encryption, 'control' for control connection encryption only, or 'implicit' for implicitly encrypted control connection (this mode is deprecated in modern times, but usually uses port 990) Default: false
secureOptions - object - Additional options to be passed to tls.connect()
. Default: (none)
user - string - Username for authentication. Default: 'anonymous'
password - string - Password for authentication. Default: 'anonymous@'
connTimeout - integer - How long (in milliseconds) to wait for the control connection to be established. Default: 10000
pasvTimeout - integer - How long (in milliseconds) to wait for a PASV data connection to be established. Default: 10000
keepalive - integer - How often (in milliseconds) to send a 'dummy' (NOOP) command to keep the connection alive. Default: 10000
end() - (void) - Closes the connection to the server after any/all enqueued commands have been executed.
destroy() - (void) - Closes the connection to the server immediately.
list([< string >path, ][< boolean >useCompression, ]< function >callback) - (void) - Retrieves the directory listing of path
. path
defaults to the current working directory. useCompression
defaults to false. callback
has 2 parameters: < Error >err, < array >list. list
is an array of objects with these properties:
* type - _string_ - A single character denoting the entry type: 'd' for directory, '-' for file (or 'l' for symlink on **\*NIX only**).
* name - _string_ - The name of the entry.
* size - _string_ - The size of the entry in bytes.
* date - _Date_ - The last modified date of the entry.
* rights - _object_ - The various permissions for this entry **(*NIX only)**.
* user - _string_ - An empty string or any combination of 'r', 'w', 'x'.
* group - _string_ - An empty string or any combination of 'r', 'w', 'x'.
* other - _string_ - An empty string or any combination of 'r', 'w', 'x'.
* owner - _string_ - The user name or ID that this entry belongs to **(*NIX only)**.
* group - _string_ - The group name or ID that this entry belongs to **(*NIX only)**.
* target - _string_ - For symlink entries, this is the symlink's target **(*NIX only)**.
* sticky - _boolean_ - True if the sticky bit is set for this entry **(*NIX only)**.
get(< string >path, [< boolean >useCompression, ]< function >callback) - (void) - Retrieves a file at path
from the server. useCompression
defaults to false. callback
has 2 parameters: < Error >err, < ReadableStream >fileStream.
put(< mixed >input, < string >destPath, [< boolean >useCompression, ]< function >callback) - (void) - Sends data to the server to be stored as destPath
. input
can be a ReadableStream, a Buffer, or a path to a local file. useCompression
defaults to false. callback
has 1 parameter: < Error >err.
append(< mixed >input, < string >destPath, [< boolean >useCompression, ]< function >callback) - (void) - Same as put(), except if destPath
already exists, it will be appended to instead of overwritten.
rename(< string >oldPath, < string >newPath, < function >callback) - (void) - Renames oldPath
to newPath
on the server. callback
has 1 parameter: < Error >err.
logout(< function >callback) - (void) - Logout the user from the server. callback
has 1 parameter: < Error >err.
delete(< string >path, < function >callback) - (void) - Deletes a file, path
, on the server. callback
has 1 parameter: < Error >err.
cwd(< string >path, < function >callback) - (void) - Changes the current working directory to path
. callback
has 2 parameters: < Error >err, < string >currentDir. Note: currentDir
is only given if the server replies with the path in the response text.
abort(< function >callback) - (void) - Aborts the current data transfer (e.g. from get(), put(), or list()). callback
has 1 parameter: < Error >err.
site(< string >command, < function >callback) - (void) - Sends command
(e.g. 'CHMOD 755 foo', 'QUOTA') using SITE. callback
has 3 parameters: < Error >err, < _string >responseText, < integer >responseCode.
status(< function >callback) - (void) - Retrieves human-readable information about the server's status. callback
has 2 parameters: < Error >err, < string >status.
ascii(< function >callback) - (void) - Sets the transfer data type to ASCII. callback
has 1 parameter: < Error >err.
binary(< function >callback) - (void) - Sets the transfer data type to binary (default at time of connection). callback
has 1 parameter: < Error >err.
mkdir(< string >path, [< boolean >recursive, ]< function >callback) - (void) - Creates a new directory, path
, on the server. recursive
is for enabling a 'mkdir -p' algorithm and defaults to false. callback
has 1 parameter: < Error >err.
rmdir(< string >path, [< boolean >recursive, ]< function >callback) - (void) - Removes a directory, path
, on the server. If recursive
, this call will delete the contents of the directory if it is not empty. callback
has 1 parameter: < Error >err.
cdup(< function >callback) - (void) - Changes the working directory to the parent of the current directory. callback
has 1 parameter: < Error >err.
pwd(< function >callback) - (void) - Retrieves the current working directory. callback
has 2 parameters: < Error >err, < string >cwd.
system(< function >callback) - (void) - Retrieves the server's operating system. callback
has 2 parameters: < Error >err, < string >OS.
listSafe([< string >path, ][< boolean >useCompression, ]< function >callback) - (void) - Similar to list(), except the directory is temporarily changed to path
to retrieve the directory listing. This is useful for servers that do not handle characters like spaces and quotes in directory names well for the LIST command. This function is "optional" because it relies on pwd() being available.
size(< string >path, < function >callback) - (void) - Retrieves the size of path
. callback
has 2 parameters: < Error >err, < integer >numBytes.
lastMod(< string >path, < function >callback) - (void) - Retrieves the last modified date and time for path
. callback
has 2 parameters: < Error >err, < Date >lastModified.
restart(< integer >byteOffset, < function >callback) - (void) - Sets the file byte offset for the next file transfer action (get/put) to byteOffset
. callback
has 1 parameter: < Error >err.
mlsd([< string >path, ][< boolean >useCompression, ]< function >callback) - (void) - Retrieves the directory listing of path
. path
defaults to the current working directory. useCompression
defaults to false. callback
has 2 parameters: < Error >err, < array >list. See the list
command for a list of properties. Also see https://tools.ietf.org/html/rfc3659 7.2.
path
. callback
has 1 parameter: < Error >err.FAQs
An FTP client module for node.js
We found that @icetee/ftp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.