Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@yarnpkg/fslib
Advanced tools
@yarnpkg/fslib is a library that provides a set of utilities for working with the filesystem in a more abstract and high-level way. It is part of the Yarn package manager's ecosystem and is designed to facilitate file system operations, especially in the context of Yarn's plugin architecture.
Path manipulation
This feature allows you to convert native paths to portable paths and vice versa. This is useful for ensuring that paths are consistent across different operating systems.
const { npath } = require('@yarnpkg/fslib');
const nativePath = npath.toPortablePath('/some/native/path');
console.log(nativePath); // Outputs: /some/native/path
File reading and writing
This feature provides asynchronous methods for reading and writing files. It simplifies file operations by providing promise-based APIs.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const filePath = '/path/to/file.txt';
await xfs.writeFilePromise(filePath, 'Hello, world!');
const content = await xfs.readFilePromise(filePath, 'utf8');
console.log(content); // Outputs: Hello, world!
})();
Directory operations
This feature allows you to perform directory operations such as creating directories and reading their contents. It supports recursive directory creation.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const dirPath = '/path/to/directory';
await xfs.mkdirPromise(dirPath, { recursive: true });
const files = await xfs.readdirPromise(dirPath);
console.log(files); // Outputs: list of files in the directory
})();
fs-extra is a popular library that extends the native Node.js fs module with additional methods and promises. It provides similar functionalities to @yarnpkg/fslib, such as file and directory operations, but it is more general-purpose and not specifically tied to the Yarn ecosystem.
node-fs is another library that extends the native fs module with additional features like recursive directory creation and symbolic link support. It offers similar capabilities to @yarnpkg/fslib but is less focused on path manipulation and more on enhancing the core fs module.
graceful-fs is a drop-in replacement for the native fs module that improves its reliability, especially under heavy load. While it doesn't offer as many high-level utilities as @yarnpkg/fslib, it ensures more robust file system operations.
@yarnpkg/fslib
A TypeScript library abstracting the Node filesystem APIs. We use it for three main reasons:
Our library has two path types, NativePath
and PortablePath
. Most interfaces only accept the later, and instances of the former need to be transformed back and forth using our type-safe utilities before being usable.
The FSLib implements various transparent filesystem layers for a variety of purposes. For instance we use it in Yarn in order to abstract away the zip archive manipulation logic, which is implemented in ZipFS
and exposed through a Node-like interface (called FakeFS
).
All FakeFS
implementations can be transparently layered on top of the builtin Node fs
module, and that's for instance how we can add support for in-zip package loading without you having to care about the exact package format.
All methods from the FakeFS
interface are promisified by default (and suffixed for greater clarity, for instance we offer both readFileSync
and readFilePromise
).
3.1.1
FAQs
Unknown package
The npm package @yarnpkg/fslib receives a total of 2,320,491 weekly downloads. As such, @yarnpkg/fslib popularity was classified as popular.
We found that @yarnpkg/fslib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.