Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
fb-watchman
Advanced tools
The fb-watchman npm package is a file watching service developed by Facebook that provides a subscription-based API for monitoring file changes. It is designed to be efficient and scales well for large file systems, making it suitable for applications that need to keep track of changes in the file system in real-time.
Subscribe to file changes
This code sample demonstrates how to use fb-watchman to subscribe to changes in JavaScript files within a specified project directory. It sets up a watch, creates a subscription, and logs any changes to the console.
const watchman = require('fb-watchman');
const client = new watchman.Client();
client.capabilityCheck({optional:[], required:['relative_root']}, function(error, resp) {
if (error) {
console.error(error);
client.end();
return;
}
// Initiate the watch
client.command(['watch-project', '/path/to/project'], function(error, resp) {
if (error) {
console.error('Error initiating watch:', error);
return;
}
// Create a subscription
client.command(['subscribe', resp.watch, 'mysubscription', {
expression: ['allof', ['match', '*.js']],
fields: ['name', 'size', 'mtime_ms', 'exists', 'type']
}], function(error, resp) {
if (error) {
console.error('Error creating subscription:', error);
return;
}
console.log('Subscription established', resp.subscribe);
});
});
});
client.on('subscription', function(resp) {
if (resp.subscription === 'mysubscription') {
console.log('File changed:', resp);
}
});
Chokidar is a file watching library that provides an API to watch for file system changes. It is built on top of Node.js's native fs module and is known for its stability and cross-platform support. Chokidar is often used as an alternative to fb-watchman for projects that do not require the scalability offered by fb-watchman or when a simpler API is preferred.
Gaze is another file watching library that allows users to watch files and directories for changes. It provides a simple API and is capable of handling multiple files and directories at once. Gaze is less popular than chokidar and fb-watchman and may not be as efficient for very large file systems.
Nodewatch is a lesser-known file watching library that can be used to monitor file system changes. It is not as widely adopted as fb-watchman or chokidar and may lack some of the advanced features and optimizations present in those libraries.
fb-watchman
is a filesystem watcher that uses the
Watchman file watching service from
Facebook.
Watchman provides file change notification services using very efficient recursive watches and also allows more advanced change matching and filesystem tree querying operations using a powerful expression syntax.
You should install Watchman to make the most of this module.
Then simply:
$ npm install fb-watchman
root
.watch
on a root
using the watch-project
command prior to subscribing to changeswatch-project
consolidates and re-uses existing watches relative to a project root (the location of your .watchmanconfig
or source control repository root)FAQs
Bindings for the Watchman file watching service
The npm package fb-watchman receives a total of 21,913,815 weekly downloads. As such, fb-watchman popularity was classified as popular.
We found that fb-watchman demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.