
file-sanity
A simple npm package to validate and sanitize filenames by removing or replacing invalid characters for Windows, macOS, and Linux.
npm install file-sanity
const { sanitizeFilename, isValid } = require("file-sanity");
// Sanitize a filename: Replace invalid characters with '_'
console.log(sanitizeFilename("test<file.txt")); // Output: test_file.txt
// Custom replacement character
console.log(sanitizeFilename("test<file.txt", { replacement: "-" })); // Output: test-file.txt
// Strict mode: Throw error on invalid characters
try {
  sanitizeFilename("test<file.txt", { strict: true });
} catch (err) {
  console.log(err.message); // Output: Filename contains invalid characters: <
}
// Check if a filename is valid
console.log(isValid("test.txt")); // Output: true
console.log(isValid("test<file.txt")); // Output: false
You can use the package from the command line:
# Check if a filename is valid
npx file-sanity isValid "test.txt"
# Output: true
npx file-sanity isValid "test<file.txt"
# Output: false
# Sanitize a filename (default replacement: '_')
npx file-sanity sanitize "test<file.txt"
# Output: test_file.txt
# Sanitize with custom replacement
npx file-sanity sanitize "test<file.txt" --replace=-
# Output: test-file.txt
# Sanitize with strict mode (exits with error code 1 if invalid)
npx file-sanity sanitize "test<file.txt" --strict
# Output: Error: Filename contains invalid characters: <
sanitizeFilename(filename, [options])
- filename (string): The filename to sanitize.
- options (Object, optional):
  - replacement (string, default: "_"): Character to replace invalid characters.
  - strict (boolean, default: false): If true, throws an error if invalid characters are found.
- Returns: string - The sanitized filename.
- Throws: TypeError if filename is not a string; Error if strict is true and invalid characters are found.

isValid(filename)
- filename (string): The filename to check.
- Returns: boolean - true if the filename contains no invalid characters, false otherwise.
- Throws: TypeError if filename is not a string.

The package checks for the following invalid characters:
/, \, ?, *, :, |, ", <, >

License: MIT
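A check based only on the character list above accepts names such as `..`, `NUL.txt` or `notes.txt `, since none of them contains a listed character. The sketch below is an added example, not file-sanity's code: `checkFilename`, its reason strings and every rule beyond the documented character list are assumptions about what a caller may also want to reject before using a name on disk.

```javascript
// Added example, not file-sanity's source. INVALID_CHARS mirrors the list
// documented on this page; every other rule is an assumption about what a
// caller may also want to reject before writing to disk.
const INVALID_CHARS = /[\/\\?*:|"<>]/;

// Windows reserved device names (reserved with or without an extension).
const WINDOWS_RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$/i;

// Returns the reasons a name is unsafe; an empty array means it passed.
function checkFilename(name) {
  if (typeof name !== "string") throw new TypeError("filename must be a string");
  const problems = [];
  if (name.length === 0) problems.push("empty");
  if (INVALID_CHARS.test(name)) problems.push("invalid-char");
  // Control characters (0x00-0x1f, 0x7f) are not in the documented list.
  if (/[\x00-\x1f\x7f]/.test(name)) problems.push("control-char");
  // "." and ".." are directory references, not file names.
  const isDotName = name === "." || name === "..";
  if (isDotName) problems.push("dot-name");
  if (WINDOWS_RESERVED.test(name)) problems.push("windows-reserved");
  // Windows strips trailing dots and spaces, so "a.txt." and "a.txt" collide.
  if (!isDotName && /[. ]$/.test(name)) problems.push("trailing-dot-or-space");
  // Assumed limit: 255 UTF-8 bytes per path component.
  if (new TextEncoder().encode(name).length > 255) problems.push("too-long");
  return problems;
}

// Constructed sample inputs.
const samples = ["report.txt", "test<file.txt", "..", "NUL.txt", "notes.txt ", "a\u0000b"];
for (const sample of samples) {
  console.log(JSON.stringify(sample), "->", checkFilename(sample).join(",") || "ok");
}
```

Running a check like this on the output of a sanitizer, not only on its input, catches cases where replacing characters produces a reserved or empty name.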
FAQs
Validate and sanitize filenames for Windows, macOS, and Linux
We found that file-sanity demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.