Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
npm install filed
Filed does a lazy stat call, so you can open a file and begin writing to it; if the file isn't there, it will just be created.
var filed = require('filed');
var f = filed('/newfile')
f.write('test')
f.end()
The returned file object is a stream, so you can do standard stream stuff to it. Based on what you do with the object, it will be either a read stream or a write stream.
So if you send data to it, it'll be a write stream.
fs.createReadStream('/myfile').pipe(filed('/newfile'))
If you pipe it to a destination it'll be a read stream.
filed('/myfile').pipe(fs.createWriteStream('/out'))
And of course you can pipe a filed object from itself to itself and it'll figure it out.
filed('/myfile').pipe(filed('/newfile'))
Those familiar with request will recognize object capability detection when doing HTTP. filed does this as well.
http.createServer(function (req, resp) {
filed('/data.json').pipe(resp)
})
Not only does the JSON file get streamed to the HTTP Response, it will include an Etag, Last-Modified, Content-Length, and a Content-Type header based on the file extension.
http.createServer(function (req, resp) {
req.pipe(filed('/newfile')).pipe(resp)
})
When accepting a PUT request data will be streamed to the file and a 201 status will be sent on the HTTP Response when the upload is finished.
During a GET request a 404 Response will be sent if the file does not exist.
http.createServer(function (req, resp) {
req.pipe(filed('/data.json')).pipe(resp)
})
The Etag and Last-Modified headers filed creates are based solely on the stat() call, so if you pipe a request to an existing file the cache control headers will be taken into account; a 304 response will be sent if the cache control headers match a new stat() call. This can be very helpful in avoiding unnecessary disk reads.
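The status decisions described above (201 after a PUT, 404 for a missing file, 304 when the request's cache headers match a fresh stat()) can be sketched as one pure function. This is an added example, not code from filed: the names `decide`, `validatorsFromStat` and `SAMPLE_STAT` and the ETag format are assumptions made for illustration.

```javascript
// Added example. The ETag format is an assumption, not filed's own.
// Constructed stat-like sample; a real one comes from fs.stat().
const SAMPLE_STAT = { size: 1024, mtime: new Date('2024-01-02T03:04:05.678Z') };

// Derive both validators from stat() fields only; file contents are never read.
function validatorsFromStat(stat) {
  const mtimeSec = Math.floor(stat.mtime.getTime() / 1000); // HTTP dates have 1 s resolution
  return {
    etag: '"' + stat.size.toString(16) + '-' + mtimeSec.toString(16) + '"',
    lastModified: new Date(mtimeSec * 1000).toUTCString(),
    mtimeSec,
  };
}

// Decide status and headers for a request piped at one file.
// `stat` is null when the file does not exist; header names are lowercase as in Node.
function decide(method, reqHeaders, stat) {
  if (method === 'PUT') return { status: 201, headers: {} }; // sent once the upload ends
  if (stat === null) return { status: 404, headers: {} };    // read of a missing file

  const v = validatorsFromStat(stat);
  const headers = { ETag: v.etag, 'Last-Modified': v.lastModified };
  const inm = reqHeaders['if-none-match'];
  const ims = reqHeaders['if-modified-since'];

  let fresh = false;
  if (inm !== undefined) {
    // If-None-Match wins over If-Modified-Since and uses weak comparison (RFC 9110).
    fresh = inm.split(',')
      .map((tag) => tag.trim().replace(/^W\//, ''))
      .some((tag) => tag === '*' || tag === v.etag);
  } else if (ims !== undefined) {
    const since = Date.parse(ims); // NaN for an unparseable date, which never matches
    fresh = !Number.isNaN(since) && v.mtimeSec * 1000 <= since;
  }

  if (fresh) return { status: 304, headers }; // no body, so no disk read
  headers['Content-Length'] = String(stat.size);
  return { status: 200, headers };
}
```

Because the validators in this sketch come only from size and whole-second mtime, a rewrite that keeps the same size within the same second still yields a 304, which is the trade-off for skipping the read.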
http.createServer(function (req, resp) {
req.pipe(filed('/directory')).pipe(resp)
})
Just to round out the feature set and make it a full file server: if you give filed an existing directory, it will check for an index.html file in that directory and serve it if it exists.
ASL 2.0, see LICENSE file.
FAQs
Simplified file library.
The npm package filed receives a total of 3,137 weekly downloads. As such, filed popularity was classified as popular.
We found that filed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.