Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
atomic-file
Advanced tools
store data in a file, but gaurantee there is never a partial write.
This uses a simple trick to make writes to the file system atomic:
first write the file to {filename}~
, then mv {filename}~ {filename}
although it's possible a program to crash while it's part way through writing a file,
the rename operation (mv
) can only either succeed or fail.
var AtomicFile = require('atomic-file') //default, json encoding
// var AtomicFile = require('atomic-file/buffer') //binary
var af = AtomicFile(filename)
//get the current contents
af.get(function (err, value) {
//write a new value
af.set(value, function (err) {
})
})
note, get stores the read value in memory, so subsequent calls to get will be instant. Successful writes will update the value.
create a new atomic-file instance
read the current value. will callback synchronously if the value is already in memory.
write value
to the file atomically. will callback when it's
definitely on disk.
delete the underlying file. callback when definitely deleted.
MIT
FAQs
store data in a file, but gaurantee there is never a partial write.
The npm package atomic-file receives a total of 33 weekly downloads. As such, atomic-file popularity was classified as not popular.
We found that atomic-file demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.