Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@yarnpkg/fslib
Advanced tools
@yarnpkg/fslib is a library that provides a set of utilities for working with the filesystem in a more abstract and high-level way. It is part of the Yarn package manager's ecosystem and is designed to facilitate file system operations, especially in the context of Yarn's plugin architecture.
Path manipulation
This feature allows you to convert native paths to portable paths and vice versa. This is useful for ensuring that paths are consistent across different operating systems.
const { npath } = require('@yarnpkg/fslib');
const nativePath = npath.toPortablePath('/some/native/path');
console.log(nativePath); // Outputs: /some/native/path
File reading and writing
This feature provides asynchronous methods for reading and writing files. It simplifies file operations by providing promise-based APIs.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const filePath = '/path/to/file.txt';
await xfs.writeFilePromise(filePath, 'Hello, world!');
const content = await xfs.readFilePromise(filePath, 'utf8');
console.log(content); // Outputs: Hello, world!
})();
Directory operations
This feature allows you to perform directory operations such as creating directories and reading their contents. It supports recursive directory creation.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const dirPath = '/path/to/directory';
await xfs.mkdirPromise(dirPath, { recursive: true });
const files = await xfs.readdirPromise(dirPath);
console.log(files); // Outputs: list of files in the directory
})();
fs-extra is a popular library that extends the native Node.js fs module with additional methods and promises. It provides similar functionalities to @yarnpkg/fslib, such as file and directory operations, but it is more general-purpose and not specifically tied to the Yarn ecosystem.
node-fs is another library that extends the native fs module with additional features like recursive directory creation and symbolic link support. It offers similar capabilities to @yarnpkg/fslib but is less focused on path manipulation and more on enhancing the core fs module.
graceful-fs is a drop-in replacement for the native fs module that improves its reliability, especially under heavy load. While it doesn't offer as many high-level utilities as @yarnpkg/fslib, it ensures more robust file system operations.
@yarnpkg/fslib
A TypeScript library abstracting the Node filesystem APIs. We use it for three main reasons:
Our library has two path types, NativePath
and PortablePath
. Most interfaces only accept the later, and instances of the former need to be transformed back and forth using our type-safe utilities before being usable.
The FSLib implements various transparent filesystem layers for a variety of purposes. For instance we use it in Yarn in order to abstract away the zip archive manipulation logic, which is implemented in ZipFS
and exposed through a Node-like interface (called FakeFS
).
All FakeFS
implementations can be transparently layered on top of the builtin Node fs
module, and that's for instance how we can add support for in-zip package loading without you having to care about the exact package format.
All methods from the FakeFS
interface are promisified by default (and suffixed for greater clarity, for instance we offer both readFileSync
and readFilePromise
).
FAQs
Unknown package
The npm package @yarnpkg/fslib receives a total of 1,079,028 weekly downloads. As such, @yarnpkg/fslib popularity was classified as popular.
We found that @yarnpkg/fslib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.