Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The cpx npm package is a tool for copying files and directories with various options. It is useful for tasks such as copying files during a build process, synchronizing directories, and more.
Copy files from source to destination
This command copies all files and directories from the 'src' directory to the 'dist' directory. The glob pattern 'src/**/*' matches all files and directories recursively.
cpx 'src/**/*' dist
Watch mode
This command copies files from 'src' to 'dist' and continues to watch for changes. When a file in the 'src' directory is modified, it will be copied to the 'dist' directory automatically.
cpx 'src/**/*' dist --watch
Include and exclude patterns
This command copies only JavaScript files from 'src' to 'dist', excluding any files that match the '*.test.js' pattern.
cpx 'src/**/*' dist --include='*.js' --exclude='*.test.js'
Clean destination before copying
This command cleans the 'dist' directory before copying files from 'src' to 'dist'. This ensures that the destination directory is empty before the new files are copied.
cpx 'src/**/*' dist --clean
The copyfiles package is another tool for copying files and directories. It offers similar functionality to cpx, including support for glob patterns and options for flattening directory structures. However, it does not have a built-in watch mode.
The ncp (Node Copy) package is a simple utility for copying files and directories. It is known for its ease of use and reliability. Unlike cpx, ncp does not support glob patterns or watch mode, but it is a solid choice for straightforward copy operations.
The fs-extra package extends the native Node.js fs module with additional methods, including methods for copying files and directories. It provides a more comprehensive set of file system utilities compared to cpx, but it requires more setup and code to achieve similar tasks.
Copy file globs, watching for changes.
This module provides a CLI tool like cp
, but with watching.
npm install cpx
Usage: cpx <source> <dest> [options]
Copy files, watching for changes.
<source> The glob of target files.
<dest> The path of a destination directory.
Options:
-c, --command <command> A command text to transform each file.
-C, --clean Clean files that matches <source> like pattern in
<dest> directory before the first copying.
-L, --dereference Follow symbolic links when copying from them.
-h, --help Print usage information.
--include-empty-dirs The flag to copy empty directories which is
matched with the glob.
--no-initial The flag to not copy at the initial time of watch.
Use together '--watch' option.
-p, --preserve The flag to copy attributes of files.
This attributes are uid, gid, atime, and mtime.
-t, --transform <name> A module name to transform each file. cpx lookups
the specified name via "require()".
-u, --update The flag to not overwrite files on destination if
the source file is older.
-v, --verbose Print copied/removed files.
-V, --version Print the version number.
-w, --watch Watch for files that matches <source>, and copy
the file to <dest> every changing.
$ cpx "src/**/*.{html,png,jpg}" app --watch
This example will copy html/png/jpg files from src
directory to app
directory, keeping file tree structure.
Whenever the files are changed, copy them.
Since Bash expands globs, requires to enclose it with double quotes.
You can use together Browserify.
$ cpx "src/**/*.{html,png,jpg}" app -w & watchify src/index.js -o app/index.js
You can use shell commands to convert each file.
$ cpx "src/**/*.js" app -w -c "babel --source-maps inline"
You can use the transform packages for Browserify.
$ cpx "src/**/*.js" app -w -t babelify -t uglifyify
It maybe can use to add header comment, to optimize images, or etc...
You can use this module as a node module.
var cpx = require("cpx");
cpx.copy(source, dest, options, callback)
cpx.copy(source, dest, callback)
{string}
-- A file glob of copy targets.{string}
-- A file path of a destination directory.{object}
{boolean}
-- The flag to remove files that copied on past before copy. Default: false
.{boolean}
-- The flag to follow symbolic links when copying from them. Default: false
.{boolean}
-- The flag to copy empty directories which is matched with the glob. Default: false
.{boolean}
-- The flag to not copy at the initial time of watch. This is for cpx.watch()
. Default: true
.{boolean}
-- The flag to copy uid, gid, atime, and mtime of files. Default: false
.{((filepath: string) => stream.Transform)[]}
-- Functions that creates a stream.Transform
object to transform each copying file.{boolean}
-- The flag to not overwrite files on destination if the source file is older. Default: false
.{(err: Error|null) => void}
-- A function that is called at done.Copy files that matches with source
glob to dest
directory.
cpx.copySync(source, dest, options)
cpx.copySync(source, dest)
A synchronous function of cpx.copy
.
Arguments is almost same as cpx.copy
.
But options.transform
is not supported.
cpx.watch(source, dest, options)
cpx.watch(source, dest)
Copy files that matches with source
glob string to dest
directory.
After the first copy, starts observing. And copy the files when every changes.
Arguments is same as cpx.copy
.
cpx.watch
returns an EventEmitter
.
.on("copy", (e) => { ... })
: Be fired after file is copied. e.srcPath
is a path of original file. e.dstPath
is a path of new file..on("remove", (e) => { ... })
: Be fired after file is removed. e.path
is a path of removed file..on("watch-raedy", () => { ... })
: Be fired when started watching files, after the first copying..on("watch-error", (err) => { ... })
: Be fired when occured errors during watching.Thank you for contributions!
Please use GitHub Issues.
Please use GitHub Pull Requests. I would especially thank for document corrections since I'm not familiar with English.
Please use GitHub Pull Requests.
There are some npm-scripts to help developments.
npm test
- Run tests and collect coverage.npm run build
- Make lib directory from src directory.npm run clean
- Delete directories (folders) which are created by other commands.npm run lint
- Run ESLint.npm run watch
- Run tests (not collect coverage) when each file was modified.npm run open-coverage
- Open the coverage report of the last npm test
command with web browser.FAQs
Copy file globs, watching for changes.
We found that cpx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.