Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
@yarnpkg/fslib
Advanced tools
@yarnpkg/fslib is a library that provides a set of utilities for working with the filesystem in a more abstract and high-level way. It is part of the Yarn package manager's ecosystem and is designed to facilitate file system operations, especially in the context of Yarn's plugin architecture.
Path manipulation
This feature allows you to convert native paths to portable paths and vice versa. This is useful for ensuring that paths are consistent across different operating systems.
const { npath } = require('@yarnpkg/fslib');
const nativePath = npath.toPortablePath('/some/native/path');
console.log(nativePath); // Outputs: /some/native/path
File reading and writing
This feature provides asynchronous methods for reading and writing files. It simplifies file operations by providing promise-based APIs.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const filePath = '/path/to/file.txt';
await xfs.writeFilePromise(filePath, 'Hello, world!');
const content = await xfs.readFilePromise(filePath, 'utf8');
console.log(content); // Outputs: Hello, world!
})();
Directory operations
This feature allows you to perform directory operations such as creating directories and reading their contents. It supports recursive directory creation.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const dirPath = '/path/to/directory';
await xfs.mkdirPromise(dirPath, { recursive: true });
const files = await xfs.readdirPromise(dirPath);
console.log(files); // Outputs: list of files in the directory
})();
fs-extra is a popular library that extends the native Node.js fs module with additional methods and promises. It provides similar functionalities to @yarnpkg/fslib, such as file and directory operations, but it is more general-purpose and not specifically tied to the Yarn ecosystem.
node-fs is another library that extends the native fs module with additional features like recursive directory creation and symbolic link support. It offers similar capabilities to @yarnpkg/fslib but is less focused on path manipulation and more on enhancing the core fs module.
graceful-fs is a drop-in replacement for the native fs module that improves its reliability, especially under heavy load. While it doesn't offer as many high-level utilities as @yarnpkg/fslib, it ensures more robust file system operations.
@yarnpkg/fslib
A TypeScript library abstracting the Node filesystem APIs. We use it for three main reasons:
Our library has two path types, NativePath
and PortablePath
. Most interfaces only accept the later, and instances of the former need to be transformed back and forth using our type-safe utilities before being usable.
The FSLib implements various transparent filesystem layers for a variety of purposes. For instance we use it in Yarn in order to abstract away the zip archive manipulation logic, which is implemented in ZipFS
and exposed through a Node-like interface (called FakeFS
).
All FakeFS
implementations can be transparently layered on top of the builtin Node fs
module, and that's for instance how we can add support for in-zip package loading without you having to care about the exact package format.
All methods from the FakeFS
interface are promisified by default (and suffixed for greater clarity, for instance we offer both readFileSync
and readFilePromise
).
3.1.0
yarn workspaces list
and yarn workspaces foreach
commands now both support a new --since
option that lets you filter the workspace list by changes (only workspaces that changed since the specified commit will be iterated on). This feature is still a little experimental, especially when used with -R,--recursive
.yarn workspaces foreach
command now handles the fact that a script containing :
only becomes global if it exists in exactly one workspace.yarn workspaces foreach
command now supports --jobs 1
and --jobs unlimited
.yarn init -2
command will now add the packageManager
field to your project manifest.pattern
matcher from logFilters
will now match any part of the log entry.nodeLinker: pnpm
mode will let you install packages using the pnpm install strategy, where packages are stored flat and referenced by each others through symlinks. This mode is still a little experimental, so please send our way bugs you might find.supportedArchitectures
field to manually enforce the presence of specific architectures.nmMode: hardlinks-global
setting will now be automatically downgraded to nmMode: hardlinks-local
when global caches and install folders are kept on different devices, thus letting the install continue normally. A warning will still be produced explaining this behaviour.node_modules
linker maximizes chances to end-up with only one top-level node_modules in the case of using workspacesnmSelfReferences
setting has been added to the nm linker to control whether workspaces are allowed to require themselves - results in creation of self-referencing symlinks. yarn workspaces focus
will not create self-referencing symlinks for excluded workspaces anymore.node_modules
installs.workspace:^
and workspace:~
. When published, those markers will turn into the actual version (just like what used to happen with workspace:*
), except that they'll be prefixed with the relevant semver prefix (respectively ^
and ~
).npmAuditRegistry
setting will let you define which registry to use when running audits. If unset, we'll fallback to the currently configured publish registry (we'll likely change this behavior in Yarn 4 to rather use the fetch registry).node_modules
installs will now be given priority during hoisting, preventing cases when indirect regular dependencies would block the way for direct portal dependencies.pnpify
binary can now be used from inside directories containing spaces.--version
string.node-modules
linker.node-modules
linker, since they cannot be used from the code anyway.fs
module, allowing users to patch it.require.resolve('pnpapi')
will be handled correctly even when using exports
.yarn run
immediately after adding or removing dependencies inside large monorepos.@types
version. This matches the behaviour for peer dependencies.pnpEnableEsmLoader
.resolve
will no longer resolve missing modules to a file with the same name that would happen to be located next to the issuer.FAQs
Unknown package
The npm package @yarnpkg/fslib receives a total of 1,329,310 weekly downloads. As such, @yarnpkg/fslib popularity was classified as popular.
We found that @yarnpkg/fslib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.