@wulechuan/find-package-dot-json
南昌吴乐川
Searches the folder tree upwards to locate the nearest npm project root folder.
If it succeeds, it returns both the found path and the parsed `package.json` as an object.
```js
const chalk = require('chalk');
const moment = require('moment');

function ensureCWDToBeNPMProjectRootAndReturnPackageJSON(options) {
    /** **********************************************
     *  Utilizing `@wulechuan/find-package-dot-json`
     ** ********************************************** */
    const result = require('@wulechuan/find-package-dot-json')({
        /**
         * Optional.
         * Defaults to process.cwd()
         */
        searchingStartPath: '<a path to start with>',

        /**
         * Optional.
         * A non-string value or an empty string
         * means any npm project root folder counts,
         * ignoring the name of the npm project.
         */
        desiredNPMProjectName: '<your fancy npm project name here>',
    });
    /** ********************************************** */

    // If it fails to find one, let's throw an error here.
    if (!result) {
        throw new ReferenceError('Failed to locate npm project root.');
    }

    // If no error was thrown, we are safe to move on.
    const {
        npmProjectRootPath,
    } = result;

    // Let's make some use of the found path.
    process.chdir(npmProjectRootPath);
    console.log(`[${
        chalk.gray(moment().format('HH:mm:ss'))
    }] Working directory changed to\n${' '.repeat('[HH:mm:ss] '.length)}${
        chalk.green(process.cwd())
    }\n\n\n`);

    // Return the result for the outside world to make use of it.
    return result;
}
```
At present, only one argument is accepted, and even that argument is optional.
Let's call the argument `options`.
`options`, aka `arguments[0]`
Spec | Def |
---|---|
Type | object |
Optional | yes |
```js
{
    searchingStartPath: '<a path to start with>',
    desiredNPMProjectName: '<your fancy npm project name here>',
}
```
options.searchingStartPath
Spec | Def |
---|---|
Type | string |
Allowed Value | any valid path, either absolute or relative |
Default Value | process.cwd() |
Optional | yes |
The path of the folder where the search starts.
Since the tool simply does some basic path operations to detect a `package.json` file, theoretically a path to a file instead of a folder also works as the starting point.
options.desiredNPMProjectName
Spec | Def |
---|---|
Type | multiple |
Allowed Value | string that obeys npm naming rules, non-string, or empty string |
Default Value | an empty string |
Optional | yes |
The desired npm project name.
If it takes a non-string value or an empty string, then the first matched `package.json` of any npm project counts.
If its value is a non-empty string, the string is checked against a regular expression to make sure it is a valid npm project name.
If the value is considered to be an invalid npm project name, this tool throws an error.
If the value seems to be a valid one, then only the first `package.json` encountered whose `name` property matches counts.
Spec | Def |
---|---|
Type | object |
Possible Value | an object literal or a null |
If the tool fails to find a matched result, `null` is returned.
If the desired npm project is located successfully, an object literal is returned, which looks like:
```js
{
    npmProjectRootPath: 'a string',
    packageJSON: 'an object',
}
```
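The upward search and return contract described above, as an added sketch that is not the package's own source. It shows why pinning `desiredNPMProjectName` matters when the caller goes on to `process.chdir()` into the result: without it, a nested `package.json` closer to the start path is taken as the project root. The name regex is a simplified assumption, and `findPackageDotJSON` and `buildSampleTree` are hypothetical names operating on a constructed directory tree.

```javascript
// Added illustration, not the package's source: a sketch of the upward search the README describes.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: simplified npm name rule (lowercase, optional @scope/); the package's own regex is not shown.
const NAME_RE = /^(@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;

function findPackageDotJSON({ searchingStartPath = process.cwd(), desiredNPMProjectName = '' } = {}) {
  const pinned = typeof desiredNPMProjectName === 'string' && desiredNPMProjectName !== '';
  if (pinned && !NAME_RE.test(desiredNPMProjectName)) {
    throw new RangeError(`Invalid npm project name: ${desiredNPMProjectName}`);
  }
  let dir = path.resolve(searchingStartPath);
  for (;;) {
    let packageJSON = null;
    try {
      packageJSON = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
    } catch (err) {
      // Missing, unreadable or malformed package.json (or dir is a file): keep climbing.
    }
    if (packageJSON && (!pinned || packageJSON.name === desiredNPMProjectName)) {
      return { npmProjectRootPath: dir, packageJSON };
    }
    const parent = path.dirname(dir);
    if (parent === dir) return null; // reached the filesystem root without a match
    dir = parent;
  }
}

// Constructed sample tree: <tmp>/app is the real project, <tmp>/app/vendor/lib is a nested package.
function buildSampleTree() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'fpdj-')));
  const app = path.join(base, 'app');
  const nested = path.join(app, 'vendor', 'lib');
  const start = path.join(nested, 'src');
  fs.mkdirSync(start, { recursive: true });
  fs.writeFileSync(path.join(app, 'package.json'), JSON.stringify({ name: 'my-app' }));
  fs.writeFileSync(path.join(nested, 'package.json'), JSON.stringify({ name: 'stray-lib' }));
  return { app, nested, start };
}

const tree = buildSampleTree();
// Unpinned: the nearest package.json wins, which here is the nested "stray-lib" folder.
console.log(findPackageDotJSON({ searchingStartPath: tree.start }).npmProjectRootPath);
// Pinned: the search skips the nested package and returns the intended project root.
console.log(findPackageDotJSON({ searchingStartPath: tree.start, desiredNPMProjectName: 'my-app' }).npmProjectRootPath);
```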
FAQs
Search folder tree upwards and locate the nearest npm project root folder, returning the parsed package.json as an object.
The npm package @wulechuan/find-package-dot-json receives a total of 7 weekly downloads. As such, @wulechuan/find-package-dot-json popularity was classified as not popular.
We found that @wulechuan/find-package-dot-json demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.