filenamify
The filenamify npm package is used to convert a string into a valid and safe filename by removing or replacing invalid characters that are not allowed in filenames on certain file systems. It can be used to sanitize user input for filenames, ensuring that the resulting string can be safely used as a filename on most platforms.
Sanitize a string to be safe as a filename
This feature allows you to take any string and convert it into a string that is safe to use as a filename by replacing or removing invalid characters.
import filenamify from 'filenamify';
console.log(filenamify('foo/bar')); // 'foo!bar'
Customize replacement character
This feature allows you to specify a custom replacement character for invalid filename characters, giving you control over how the sanitized filename looks.
import filenamify from 'filenamify';
console.log(filenamify('foo:bar', {replacement: '-'})); // 'foo-bar'
Limit filename length
This feature allows you to limit the length of the resulting filename, which can be useful for file systems with length restrictions on filenames.
import filenamify from 'filenamify';
console.log(filenamify('a very long filename that will be truncated', {maxLength: 10})); // 'a very lon'
The sanitize-filename package is similar to filenamify in that it sanitizes input to be safe for use as a filename. It removes or replaces invalid characters and is a straightforward alternative to filenamify.
While slugify is primarily used for creating URL slugs from strings, it can also be used to generate safe filenames. It converts strings into a URL-friendly format, which is also generally safe for filenames, though its primary use case is not for sanitizing filenames like filenamify.
Convert a string to a valid safe filename
On Unix-like systems, / is reserved. On Windows, <>:"/\|?* along with trailing periods are reserved.
npm install filenamify
import filenamify from 'filenamify';
filenamify('<foo/bar>');
//=> '!foo!bar!'
filenamify('foo:"bar"', {replacement: '🐴'});
//=> 'foo🐴bar🐴'
Convert a string to a valid filename.
Convert the filename in a path to a valid filename and return the augmented path.
import {filenamifyPath} from 'filenamify';
filenamifyPath('foo:bar');
//=> 'foo!bar'
Type: object
Type: string
Default: '!'
String to use as replacement for reserved filename characters.
Cannot contain: < > : " / \ | ? *
Type: number
Default: 100
Truncate the filename to the given length.
Only the base of the filename is truncated, preserving the extension. If the extension itself is longer than maxLength, you will get a string that is longer than maxLength, so you need to check for that if you allow arbitrary extensions.
Systems generally allow up to 255 characters, but we default to 100 for usability reasons.
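A check for the case described above, as an added example that is not part of the filenamify project: it validates a sanitizer's output against the reserved characters, trailing periods and maxLength named on this page. standInSanitize is a simplified stand-in written for this example so the block runs without the package; checkSanitizedName and safeUploadName are hypothetical names.

```javascript
// Added example: post-checks on a sanitized name before it is used on disk.
const RESERVED_CHARS = '<>:"/\\|?*'; // characters the page lists as reserved
const MAX_LENGTH = 100;              // default maxLength stated on the page

// Simplified stand-in for filenamify so this runs offline. It follows the
// behaviour described on the page; it is NOT the library's implementation
// and does not handle trailing periods.
function standInSanitize(input, {replacement = '!', maxLength = MAX_LENGTH} = {}) {
  const cleaned = [...input]
    .map((ch) => (RESERVED_CHARS.includes(ch) ? replacement : ch))
    .join('');
  if (cleaned.length <= maxLength) return cleaned;
  const dot = cleaned.lastIndexOf('.');
  if (dot === -1) return cleaned.slice(0, maxLength);
  const extension = cleaned.slice(dot);
  // Only the base is truncated; the extension is kept in full.
  const keep = Math.max(1, maxLength - extension.length);
  return cleaned.slice(0, dot).slice(0, keep) + extension;
}

// Validate what the sanitizer returned instead of trusting it blindly.
function checkSanitizedName(name, maxLength = MAX_LENGTH) {
  if (name.length === 0) return {ok: false, reason: 'empty'};
  if ([...name].some((ch) => RESERVED_CHARS.includes(ch))) {
    return {ok: false, reason: 'reserved-character'};
  }
  if (name.endsWith('.')) return {ok: false, reason: 'trailing-period'};
  // The case the page warns about: an over-long extension survives truncation.
  if (name.length > maxLength) return {ok: false, reason: 'too-long'};
  return {ok: true, name};
}

// Hypothetical wrapper for untrusted upload names; pass the real sanitizer
// as `sanitize` in an application.
function safeUploadName(untrusted, {maxLength = MAX_LENGTH, sanitize = standInSanitize} = {}) {
  return checkSanitizedName(sanitize(untrusted, {maxLength}), maxLength);
}

// Constructed inputs.
console.log(safeUploadName('<foo/bar>'));                   // accepted
console.log(safeUploadName('a'.repeat(300) + '.pdf'));      // base truncated, accepted
console.log(safeUploadName('report.' + 'x'.repeat(150)));   // rejected: too-long
console.log(safeUploadName('notes.'));                      // rejected: trailing-period
```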
You can also import filenamify/browser, which only imports filenamify and not filenamifyPath, which relies on path being available or polyfilled. Importing filenamify this way is therefore useful when it is shipped using webpack or similar tools, and if filenamifyPath is not needed.
import filenamify from 'filenamify/browser';
filenamify('<foo/bar>');
//=> '!foo!bar!'
FAQs
We found that filenamify demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.