
Research
/Security News
DuckDB npm Account Compromised in Continuing Supply Chain Attack
Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.
deckar01-scandal
Advanced tools
scandal
provides two utilities:
Scanning a directory for paths matching a set of glob inclusions or exclusions. For example, you want to find a list of paths to search that match a certain pattern, but are not ignored by the .gitignore
.
Searching a list of paths for a regex. For example, you have a list of paths, you want to find all instances of /text/gi
.
Unsurprisingly, these two things can be combined to scan and search a directory.
It is written to be simple, flexible and efficient. Scandal does the minimum.
We want to provide modules to combine in any way you'd like. Want to scan in one process and search in another? You can do that.
To be clear, scandal is not a CLI. It can be used from the terminal, but in practice the CLI only used for benchmarking.
scandal
provides two main modules: PathScanner
and PathSearcher
.
Usage is simple:
{PathScanner} = require 'scandal'
scanner = new PathScanner('/Users/me/myDopeProject', options)
scanner.on 'path-found', (path) ->
console.log(path)
scanner.on 'finished-scanning', ->
console.log('All done!')
scanner.scan()
PathScanner
keeps no state. You must consume paths via the path-found
event.
['dirname']
and ['dirname/']
will match all paths in direcotry dirname
inclusions
.{PathSearcher} = require 'scandal'
searcher = new PathSearcher()
# You can subscribe to a `results-found` event
searcher.on 'results-found', (result) ->
# result will contain all the matches for a single path
console.log("Single Path's Results", result)
# Search a list of paths
searcher.searchPaths /text/gi, ['/Some/path', ...], (results) ->
console.log('Done Searching', results)
# Search a single path
searcher.searchPath /text/gi, '/Some/path', (result) ->
console.log('Done Searching', result)
Results from line 10 (1 based) are in the following format.
{
"path": "/Some/path",
"matches": {
"matchText": "Text",
"lineText": "Text in this file!",
"lineTextOffset": 0,
"range": [[9, 0], [9, 4]]
}
}
Like the PathScanner
the searcher keeps no state. You need to consume results via the done callbacks or event.
File reading is fast and memory efficient. It reads in 10k chunks and writes over each previous chunk. Small object creation is kept to a minimum during the read to make light use of the GC.
A third object, PathFilter
is available, but intended for use by the PathScanner
.
If you dont want to think about combining the PathScanner
and PathSearcher
in your own way, a search
function is provided.
{search, PathScanner, PathSearcher} = require 'scandal'
path = '/path/to/search'
scanner = new PathScanner(path, excludeVcsIgnores: true)
searcher = new PathSearcher()
searcher.on 'results-found' (result) ->
# do something rad with the result!
name = "Search #{path}"
console.time name
console.log name
search /text/ig, scanner, searcher, ->
console.timeEnd name
FAQs
Directory Search and Scan Utilities
We found that deckar01-scandal demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.
Security News
The MCP Steering Committee has launched the official MCP Registry in preview, a central hub for discovering and publishing MCP servers.
Product
Socket’s new Pull Request Stories give security teams clear visibility into dependency risks and outcomes across scanned pull requests.