Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
extract-files
Advanced tools
Clones a value, recursively extracting File, Blob and ReactNativeFile instances with their object paths, replacing them with null. FileList instances are treated as File instance arrays.
The extract-files package is designed to extract files from a JavaScript object tree so they can be uploaded via a multipart request. It is commonly used in applications that need to handle file uploads, especially in the context of GraphQL operations.
Extract files from an object
This feature allows you to extract files from an object, which is useful when preparing files for upload. The `extractFiles` function takes an object and a path to traverse within the object to find files. It returns an object with the extracted files and a clone of the original object with files replaced by null.
{"operation": "const { extractFiles } = require('extract-files');\nconst file = new File(['content'], 'file.txt', { type: 'text/plain' });\nconst operation = { variables: { file } };\nconst { files, clone } = extractFiles(operation, 'variables');"}
Support for FileList and Map objects
The package can handle `FileList` objects, which are typically obtained from file input elements, and `Map` objects. It can extract files from these complex structures, making it versatile for various file upload scenarios.
{"operation": "const { extractFiles } = require('extract-files');\nconst fileList = document.querySelector('input[type=file]').files;\nconst operation = { variables: { files: fileList } };\nconst { files, clone } = extractFiles(operation, 'variables');"}
The form-data package allows you to create `multipart/form-data` streams to submit files and values via HTTP. It can be used to simulate a form submission with file uploads, similar to extract-files, but it is more focused on constructing the form data itself rather than extracting files from an existing object structure.
Busboy is a Node.js module for parsing incoming HTML form data, including file uploads. It differs from extract-files in that it is used on the server side to process file uploads, whereas extract-files is typically used on the client side to prepare files for upload.
Multer is a Node.js middleware for handling `multipart/form-data`, primarily used for uploading files. It is similar to busboy but is designed to be used with Express applications. Unlike extract-files, multer is not about extracting files from an object but rather about handling file uploads on the server side.
Clones a value, recursively extracting File
, Blob
and ReactNativeFile
instances with their object paths, replacing them with null
. FileList
instances are treated as File
instance arrays.
Used by GraphQL multipart request spec client implementations such as graphql-react
and apollo-upload-client
.
Install with npm:
npm install extract-files
See the extractFiles
documentation to get started.
> 0.5%, not dead
Used to mark a React Native File
substitute in an object tree for extractFiles
. It’s too risky to assume all objects with uri
, type
and name
properties are files to extract.
Parameter | Type | Description |
---|---|---|
file | ReactNativeFileSubstitute | A React Native File substitute. |
An extractable file in React Native.
import { ReactNativeFile } from 'extract-files'
const file = new ReactNativeFile({
uri: uriFromCameraRoll,
name: 'a.jpg',
type: 'image/jpeg'
})
Clones a value, recursively extracting File
, Blob
and ReactNativeFile
instances with their object paths, replacing them with null
. FileList
instances are treated as File
instance arrays.
Parameter | Type | Description |
---|---|---|
value | * | Value (typically an object tree) to extract files from. |
path | ObjectPath? = '' | Prefix for object paths for extracted files. |
Returns: ExtractFilesResult — Result.
Extract files from an object.
For the following:
import { extractFiles } from 'extract-files' const file1 = new File(['1'], '1.txt', { type: 'text/plain' }) const file2 = new File(['2'], '2.txt', { type: 'text/plain' }) const value = { a: file1, b: [file1, file2] } const { clone, files } = extractFiles(value, 'prefix')
value
remains the same.
clone
is:
{ a: null, b: [null, null] }
files
is aMap
instance containing:
Key Value file1
['prefix.a', 'prefix.b.0']
file2
['prefix.b.1']
An extractable file.
Type: File | Blob | ReactNativeFile
What extractFiles
returns.
Type: Object
Property | Type | Description |
---|---|---|
clone | * | Clone of the original input value with files recursively replaced with null . |
files | Map<ExtractableFile, Array<ObjectPath>> | Extracted files and their locations within the original value. |
String notation for the path to a node in an object tree.
Type: String
Object path is property a
, array index 0
, object property b
.
a.0.b
A React Native File
substitute for when using FormData
.
Type: Object
Property | Type | Description |
---|---|---|
uri | String | Filesystem path. |
name | String? | File name. |
type | String? | File content type. |
A camera roll file.
{
uri: uriFromCameraRoll,
name: 'a.jpg',
type: 'image/jpeg'
}
5.0.1
new Date()
) references are copied to the clone instead of recursed as objects; fixing jaydenseric/apollo-upload-client#138 via #9.FAQs
A function to recursively extract files and their object paths within a value, replacing them with null in a deep clone without mutating the original value. FileList instances are treated as File instance arrays. Files are typically File and Blob instance
The npm package extract-files receives a total of 3,667,315 weekly downloads. As such, extract-files popularity was classified as popular.
We found that extract-files demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.