Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
basic-ftp
Advanced tools
FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript.
The basic-ftp npm package is a client for FTP and FTPS that provides an easy and reliable way to interact with FTP servers from Node.js. It allows for file transfers, directory navigation, and other common FTP operations.
Connect to an FTP server
This code sample demonstrates how to connect to an FTP server using the basic-ftp package. It includes setting up a new FTP client, connecting with credentials, and handling any errors that may occur.
const ftp = require('basic-ftp')
async function connectFTP() {
const client = new ftp.Client()
client.ftp.verbose = true
try {
await client.access({
host: 'myftpserver.com',
user: 'username',
password: 'password',
secure: true
})
console.log('Connected to the FTP server.')
}
catch(err) {
console.log(err)
}
client.close()
}
connectFTP()
List files in a directory
This code sample shows how to list all files in a specific directory on the FTP server. It connects to the server, lists files in the given directory, and then logs the file list.
const ftp = require('basic-ftp')
async function listFiles() {
const client = new ftp.Client()
try {
await client.access({
host: 'myftpserver.com',
user: 'username',
password: 'password',
secure: true
})
const fileList = await client.list('/path/to/directory')
console.log(fileList)
}
catch(err) {
console.log(err)
}
client.close()
}
listFiles()
Download a file
This code sample illustrates how to download a file from the FTP server. It establishes a connection, then downloads the specified file from the server to a local path.
const ftp = require('basic-ftp')
const fs = require('fs')
async function downloadFile() {
const client = new ftp.Client()
const localFilePath = 'local/path/to/file.txt'
const remoteFilePath = 'remote/path/to/file.txt'
try {
await client.access({
host: 'myftpserver.com',
user: 'username',
password: 'password',
secure: true
})
await client.download(fs.createWriteStream(localFilePath), remoteFilePath)
console.log('File downloaded successfully.')
}
catch(err) {
console.log(err)
}
client.close()
}
downloadFile()
Upload a file
This code sample demonstrates how to upload a file to the FTP server. It connects to the server and uploads a file from a local path to the specified path on the server.
const ftp = require('basic-ftp')
const fs = require('fs')
async function uploadFile() {
const client = new ftp.Client()
const localFilePath = 'local/path/to/file.txt'
const remoteFilePath = 'remote/path/to/file.txt'
try {
await client.access({
host: 'myftpserver.com',
user: 'username',
password: 'password',
secure: true
})
await client.upload(fs.createReadStream(localFilePath), remoteFilePath)
console.log('File uploaded successfully.')
}
catch(err) {
console.log(err)
}
client.close()
}
uploadFile()
The 'ftp' package is another FTP client for Node.js that provides similar functionalities to basic-ftp. It supports FTP operations such as uploading, downloading, and directory navigation. Compared to basic-ftp, it has been around longer and has more downloads, but it may not be as modern in terms of syntax and features.
jsftp is a simple FTP client for Node.js, with an emphasis on simplicity and ease of use. It offers a similar feature set to basic-ftp, including file transfers and directory operations. jsftp might be preferred for its straightforward API, but basic-ftp has a more modern promise-based interface.
ftp-srv is a modern and extensible FTP server that is compatible with FTP and FTPS. While basic-ftp is a client library, ftp-srv allows you to create your own FTP server. This package is useful if you need to set up an FTP service rather than connect to an existing one.
This is an FTP client for Node.js. It supports FTPS over TLS, Passive Mode over IPv6, has a Promise-based API, and offers methods to operate on whole directories.
Prefer alternative transfer protocols like HTTPS or SFTP (SSH). Use this library when you have no choice and need to use FTP. Try to use FTPS (FTP over TLS) whenever possible, FTP alone does not provide any security.
Node 10.0 or later is the only dependency.
npm install basic-ftp
The first example will connect to an FTP server using TLS, get a directory listing, upload a file and download it as a copy. Note that the FTP protocol doesn't allow multiple requests running in parallel.
const ftp = require("basic-ftp")
// ESM: import * as ftp from "basic-ftp"
example()
async function example() {
const client = new ftp.Client()
client.ftp.verbose = true
try {
await client.access({
host: "myftpserver.com",
user: "very",
password: "password",
secure: true
})
console.log(await client.list())
await client.uploadFrom("README.md", "README_FTP.md")
await client.downloadTo("README_COPY.md", "README_FTP.md")
}
catch(err) {
console.log(err)
}
client.close()
}
The next example deals with directories and their content. First, we make sure a remote path exists, creating all directories as necessary. Then, we make sure it's empty and upload the contents of a local directory.
await client.ensureDir("my/remote/directory")
await client.clearWorkingDir()
await client.uploadFromDir("my/local/directory")
If you encounter a problem, it may help to log out all communication with the FTP server.
client.ftp.verbose = true
new Client(timeout = 30000)
Create a client instance. Configure it with a timeout in milliseconds that will be used for any connection made. Use 0 to disable timeouts, default is 30 seconds.
close()
Close the client and any open connection. The client can’t be used anymore after calling this method, you'll have to reconnect with access
to continue any work. A client is also closed automatically if any timeout or connection error occurs. See the section on Error Handling below.
closed
True if the client is not connected to a server. You can reconnect with access
.
access(options): Promise<FTPResponse>
Get access to an FTP server. This method will connect to a server, optionally secure the connection with TLS, login a user and apply some default settings (TYPE I, STRU F, PBSZ 0, PROT P). It returns the response of the initial connect command. This is an instance method and thus can be called multiple times during the lifecycle of a Client
instance. Whenever you do, the client is reset with a new connection. This also implies that you can reopen a Client
instance that has been closed due to an error when reconnecting with this method. The available options are:
host (string)
Server host, default: localhostport (number)
Server port, default: 21user (string)
Username, default: anonymouspassword (string)
Password, default: guestsecure (boolean | "implicit")
Explicit FTPS over TLS, default: false. Use "implicit" if you need support for legacy implicit FTPS.secureOptions
Options for TLS, same as for tls.connect() in Node.js.features(): Promise<Map<string, string>>
Get a description of supported features. This will return a Map where keys correspond to FTP commands and values contain further details.
send(command): Promise<FTPResponse>
Send an FTP command and return the first response.
sendIgnoringError(command): Promise<FTPResponse>
Send an FTP command, return the first response, and ignore an FTP error response. Any other error or timeout will still reject the Promise.
cd(path): Promise<FTPResponse>
Change the current working directory.
pwd(): Promise<string>
Get the path of the current working directory.
list([path]): Promise<FileInfo[]>
List files and directories in the current working directory, or at path
if specified. Currently, this library only supports MLSD, Unix and DOS directory listings. See FileInfo for more details.
lastMod(path): Promise<Date>
Get the last modification time of a file. This command might not be supported by your FTP server and throw an exception.
size(path): Promise<number>
Get the size of a file in bytes.
rename(path, newPath): Promise<FTPResponse>
Rename a file. Depending on the server you may also use this to move a file to another directory by providing full paths.
remove(path): Promise<FTPResponse>
Remove a file.
uploadFrom(readableStream | localPath, remotePath, [options]): Promise<FTPResponse>
Upload data from a readable stream or a local file to a remote file. If such a file already exists it will be overwritten. If a file is being uploaded, additional options offer localStart
and localEndInclusive
to only upload parts of it.
appendFrom(readableStream | localPath, remotePath, [options]): Promise<FTPResponse>
Upload data from a readable stream or a local file by appending it to an existing file. If the file doesn't exist the FTP server should create it. If a file is being uploaded, additional options offer localStart
and localEndInclusive
to only upload parts of it.
downloadTo(writableStream | localPath, remotePath, startAt = 0): Promise<FTPResponse>
Download a remote file and pipe its data to a writable stream or to a local file. You can optionally define at which position of the remote file you'd like to start downloading. If the destination you provide is a file, the offset will be applied to it as well. For example: To resume a failed download, you'd request the size of the local, partially downloaded file and use that as the offset.
ensureDir(remoteDirPath): Promise<void>
Make sure that the given remoteDirPath
exists on the server, creating all directories as necessary. The working directory is at remoteDirPath
after calling this method.
clearWorkingDir(): Promise<void>
Remove all files and directories from the working directory.
removeDir(remoteDirPath): Promise<void>
Remove all files and directories from a given directory, including the directory itself. The working directory stays the same unless it is part of the deleted directories.
uploadFromDir(localDirPath, [remoteDirPath]): Promise<void>
Upload the contents of a local directory to the current remote working directory. This will overwrite existing files with the same names and reuse existing directories. Unrelated files and directories will remain untouched. You can optionally provide a remoteDirPath
to put the contents inside any remote directory which will be created if necessary including all intermediate directories. The working directory stays the same after calling this method.
downloadToDir(localDirPath, [remoteDirPath]): Promise<void>
Download all files and directories of the current working directory to a given local directory. You can optionally set a specific remote directory. The working directory stays the same after calling this method.
trackProgress(handler)
Report any transfer progress using the given handler function. See the next section for more details.
Set a callback function with client.trackProgress
to track the progress of any transfer. Transfers are uploads, downloads or directory listings. To disable progress reporting, call trackProgress
without a handler.
// Log progress for any transfer from now on.
client.trackProgress(info => {
console.log("File", info.name)
console.log("Type", info.type)
console.log("Transferred", info.bytes)
console.log("Transferred Overall", info.bytesOverall)
})
// Transfer some data
await client.uploadFrom(someStream, "test.txt")
await client.uploadFrom("somefile.txt", "test2.txt")
// Set a new callback function which also resets the overall counter
client.trackProgress(info => console.log(info.bytesOverall))
await client.downloadToDir("local/path", "remote/path")
// Stop logging
client.trackProgress()
For each transfer, the callback function will receive the filename, transfer type (upload
, download
or list
) and number of bytes transferred. The function will be called at a regular interval during a transfer.
There is also a counter for all bytes transferred since the last time trackProgress
was called. This is useful when downloading a directory with multiple files where you want to show the total bytes downloaded so far.
Any error reported by the FTP server will be thrown as FTPError
. The connection to the FTP server stays intact and you can continue to use your Client
instance.
This is different with a timeout or connection error: In addition to an Error
being thrown, any connection to the FTP server will be closed. You’ll have to reconnect with client.access()
, if you want to continue any work.
Using client.ftp.verbose = true
will log debug-level information to the console. You can use your own logging library by overriding client.ftp.log
. This method is called regardless of what client.ftp.verbose
is set to. For example:
myClient.ftp.log = myLogger.debug
In addition to unit tests and linting, the source code is written in Typescript using rigorous compiler settings like strict
and noImplicitAny
. When building the project, the source is transpiled to Javascript and type declaration files. This makes the library useable for both Javascript and Typescript projects.
get/set client.prepareTransfer
Provide a function that initializes a data connection. FTP uses a dedicated socket connection for each file upload, download and directory listing. This library supports two strategies: Passive Mode over IPv4 (PASV) and IPv6 (EPSV). Active Mode is not supported but could be added using this extension point. The signature of the function is (ftp: FTPContext) => Promise<FTPResponse>
and its job is to set ftp.dataSocket
.
get/set client.parseList
Provide a function to parse directory listing data. This library supports MLSD, Unix and DOS formats. Parsing these list responses is one of the more challenging parts of FTP because there is no standard that all servers adhere to. The signature of the function is (rawList: string) => FileInfo[]
.
The Client API described so far is implemented using an FTPContext. An FTPContext provides the foundation to write an FTP client. It holds the socket connections and provides an API to handle responses and events in a simplified way. Through client.ftp
you get access to this context.
get/set verbose
Set the verbosity level to optionally log out all communication between the client and the server.
get/set encoding
Set the encoding applied to all incoming and outgoing messages of the control connection. This encoding is also used when parsing a list response from a data connection. See https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings for what encodings are supported by Node.js. Default is utf8
because most modern servers support it, some of them without mentioning it when requesting features.
This library uses parts of the directory listing parsers written by The Apache Software Foundation. They've been made available under the Apache 2.0 license. See the included notice and headers in the respective files containing the original copyright texts and a description of changes.
FAQs
FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript.
The npm package basic-ftp receives a total of 6,296,700 weekly downloads. As such, basic-ftp popularity was classified as popular.
We found that basic-ftp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.