Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Utility functions for working with the file system.
The primary purpose of this module is to allow for expressions like test(1)
in order to test file existence, file type etc.
npm install cli-fs
Note that rather than mocking lots of files (and file descriptors) these tests run against standard system files, which means if you are not running a UNIX variant (and likely OSX only) these tests may well fail. It is also quite possible that they only work on this machine as permissions can get out of sync, however, effort has been made to use pretty standard values, see the files list to see the paths used for testing.
npm test
This module is designed to support the majority of file tests as described by man test
it does not support complex expressions such as -gt
or !=
which require two operands, this is better achieved with pure javascript.
Use this module when you just want to answer questions like is this file a directory? without all the error handling actually testing that condition implies.
Supported expressions:
-b
: True if file exists and is a block special file.-c
: True if file exists and is a character special file.-d
: True if file exists and is a directory.-e
: True if file exists (regardless of type).-f
: True if file exists and is a regular file.-n
: True if the length of string is nonzero.-p
: True if file is a named pipe (FIFO).-r
: True if file exists and is readable ([1]).-s
: True if file exists and has a size greater than zero.-t
: True if the file descriptor number is open and associated with a terminal.-w
: True if the file exists and is writable ([1]).-x
: True if file exists and is executable. True indicates only that the execute flag is on. If file is a directory, true indicates that file can be searched.-z
: True if the length of string is zero.-L
: True if the file exists and is a symbolic link.-S
: Ture if file exists and is a socket.All functions support asynchronous and synchronous operation, specifying a callback
function implies asynchronous behaviour.
Test an expression.
expr
: The expression to test.value
: The value to test.callback
: An optional callback function, forces an asynchronous test.Returns a boolean indicating whether the test passed or throws an error if the expression is not supported.
Determine if a file is readable, this method opens the file for reading using the r
flag and immediately closes the file [1].
path
: The file system path.callback
: An optional callback function, forces an asynchronous test.Returns a boolean indicating whether the test passed.
Determine if a file is writable, this method opens the file for reading using the r+
flag and immediately closes the file. Because the r+
flag is used this method also tests that the file is readable [1].
path
: The file system path.callback
: An optional callback function, forces an asynchronous test.Returns a boolean indicating whether the test passed.
Determine if a file is has the executable bit set. This method does not ensure that attempting to execute the file will not result in an EPERM
error, use with caution.
path
: The file system path.callback
: An optional callback function, forces an asynchronous test.Returns a boolean indicating whether the test passed.
Array of the supported test expression characters.
Attempt to resolve the user's home directory using the environment variables
HOME
, HOMEPATH
, USERPROFILE
.
Returns the user's home directory or the empty string if none of the environment variables are set.
FAQs
Utility functions for working with the filesystem
We found that cli-fs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.