Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
app-root-path
Advanced tools
The app-root-path package is designed to allow Node.js applications to easily determine their root directory. This is particularly useful in scenarios where the application's structure is complex or when it is deployed in an environment where the current working directory is not consistent. The package provides a straightforward API to obtain the root path of the application, making it easier to reference files and directories relative to the application's root.
Determine application root path
This feature allows you to determine the root path of your application. By calling `toString()` on the `appRoot` object, you can get the absolute path to the root directory of your application. This is useful for constructing paths to other resources in your application.
const appRoot = require('app-root-path');
console.log(appRoot.toString());
Resolve paths relative to application root
This feature enables you to resolve paths relative to the application's root directory. By using the `resolve` method, you can easily construct absolute paths to any file or directory within your application, without worrying about the current working directory.
const appRoot = require('app-root-path');
const pathToSomeFile = appRoot.resolve('/path/to/some/file');
console.log(pathToSomeFile);
Require modules relative to application root
This feature simplifies requiring modules that are located relative to the application's root directory. Instead of using complex relative paths, you can use `appRoot.require` to directly require modules based on their path relative to the application's root. This can make code more readable and maintainable.
const appRoot = require('app-root-path');
const myModule = appRoot.require('/path/to/module');
The find-root package provides functionality to find the root directory of a Node.js project by looking for a 'package.json' file. Unlike app-root-path, which determines the application root based on the main module's location, find-root works by traversing up the directory tree until it finds a 'package.json' file. This approach may yield different results in certain project structures.
pkg-dir is another package that helps in finding the root directory of a Node.js project. Similar to find-root, it works by searching for a 'package.json' file in the current directory or any parent directory. pkg-dir returns a promise, making it suitable for use in asynchronous operations. It provides a similar functionality to app-root-path but with a promise-based API.
Please Note: Due to the very limited scope of this module, I do not anticipate needing to make very many changes to it. Expect long stretches of zero updates—that does not mean that the module is outdated.
This simple module helps you access your application's root path from anywhere in the application without resorting to relative paths like require("../../path")
.
$ npm i -S app-root-path
To simply access the app's root path, use the module as though it were a string:
var appRoot = require('app-root-path');
var myModule = require(appRoot + '/lib/my-module.js');
Side note: the module actually returns an object, but that object implements the
toString
method, so you can use it as though it were a string. There are a few edge cases where this might not be the case (most notablyconsole.log
), but they shouldn't affect actual use of the module, where you're almost always concatenating with an additional string.
A helper function is also provided:
var reqlib = require('app-root-path').require;
var myModule = reqlib('/lib/my-module.js');
It's a little hacky, but you can also put this method on your application's global
object to use it everywhere in your project:
// In app.js
global.reqlib = require('app-root-path').require;
// In lib/module/component/subcomponent.js
var myModule = reqlib('/lib/my-module.js');
Finally, you can also just resolve a module path:
var myModulePath = require('app-root-path').resolve('/lib/my-module.js');
You can explicitly set the path, using the environmental variable APP_ROOT_PATH
or by calling require('app-root-path').setPath('/my/app/is/here')
No need to read this unless you're curious—or you run into a (very unlikely) case where the module does not work as expected.
This module uses two different methods to determine the app's root path, depending on the circumstances.
If the module is located inside your project's directory, somewhere within the node_modules
directory (whether directly, or inside a submodule), we effectively do (the actual code takes cross-platform path names/etc into consideration):
path.resolve(__dirname).split('/node_modules')[0];
This will take a path like /var/www/node_modules/submodule/node_modules/app-root-path
and return /var/www
. In nearly all cases, this is just what you need.
The node module loader will also look in a few other places for modules (for example, ones that you install globally with npm install -g
). These can be in one of:
$HOME/.node_modules
$HOME/.node_libraries
$PREFIX/lib/node
Or, anywhere in the NODE_PATH
environmental variable (see documentation).
In these cases, we fall back to an alternate trick:
path.dirname(require.main.filename);
When a file is run directly from Node, require.main
is set to that file's module
. Each module has a filename
property that refers to the filename of that module, so by fetching the directory name for that file, we at least get the directory of file passed to node
. In some cases (process managers and test suites, for example) this doesn't actually give the correct directory, though, so this method is only used as a fallback.
If your module is installed as a global CLI, for example in /usr/local/lib/node_modules/yourmodule
, then
require.main.filename
will report /usr/local/lib/node_modules/yourmodule/bin
, which is probably not what
you want. app-root-path
is aware of this edge-case and will strip the /bin
automatically.
require.main
is missing (ESM imports)require()
statements during packaging.module.require
to appRootPath.require
(which has been deprecated for a while)setPath()
did not update require('app-root-path').path
resolve()
function so that it's not called multiple timesrequire()
method to the appRootPath.require()
function. Which it's true that each module has its own require()
method, in practice it doesn't matter, and it's much simpler this way.When using semantic-release, the preferred method for commits is:
git add …
git cz
(see commitizen)git push
This helps ensure that commits match the expected format. Commits to master
will cause releases.
FAQs
Determine an app's root path from anywhere inside the app
The npm package app-root-path receives a total of 2,874,811 weekly downloads. As such, app-root-path popularity was classified as popular.
We found that app-root-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.