filenamify
The filenamify npm package is used to convert a string into a valid and safe filename by removing or replacing invalid characters that are not allowed in filenames on certain file systems. It can be used to sanitize user input for filenames, ensuring that the resulting string can be safely used as a filename on most platforms.
Sanitize a string to be safe as a filename
This feature allows you to take any string and convert it into a string that is safe to use as a filename by replacing or removing invalid characters.
const filenamify = require('filenamify');
console.log(filenamify('foo/bar')); // 'foo!bar'
Customize replacement character
This feature allows you to specify a custom replacement character for invalid filename characters, giving you control over how the sanitized filename looks.
const filenamify = require('filenamify');
console.log(filenamify('foo:bar', {replacement: '-'})); // 'foo-bar'
Limit filename length
This feature allows you to limit the length of the resulting filename, which can be useful for file systems with length restrictions on filenames.
const filenamify = require('filenamify');
console.log(filenamify('a very long filename that will be truncated', {maxLength: 10})); // 'a very lon'
The sanitize-filename package is similar to filenamify in that it sanitizes input to be safe for use as a filename. It removes or replaces invalid characters and is a straightforward alternative to filenamify.
While slugify is primarily used for creating URL slugs from strings, it can also be used to generate safe filenames. It converts strings into a URL-friendly format, which is also generally safe for filenames, though its primary use case is not for sanitizing filenames like filenamify.
Convert a string to a valid safe filename
On Unix-like systems, / is reserved. On Windows, <>:"/\|?* along with trailing periods are reserved.
npm install filenamify
import filenamify from 'filenamify';
filenamify('<foo/bar>');
//=> '!foo!bar!'
filenamify('foo:"bar"', {replacement: '🐴'});
//=> 'foo🐴bar🐴'
Convert a string to a valid filename.
Convert the filename in a path to a valid filename and return the augmented path.
import {filenamifyPath} from 'filenamify';
filenamifyPath('foo:bar');
//=> 'foo!bar'
Type: object
Type: string
Default: '!'
String to use as replacement for reserved filename characters.
Cannot contain: < > : " / \ | ? *
Type: number
Default: 100
Truncate the filename to the given length.
Only the base of the filename is truncated, preserving the extension. If the extension itself is longer than maxLength, you will get a string that is longer than maxLength, so you need to check for that if you allow arbitrary extensions.
Systems generally allow up to 255 characters, but we default to 100 for usability reasons.
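A post-sanitization check for the maxLength caveat above, as an added example that is not from the filenamify README or its authors. `safeUploadName`, `standInSanitize` and the extension allow-list are hypothetical names and assumptions; `standInSanitize` is a simplified stand-in that models only the replacement and truncation behaviour described on this page so the block runs offline, and in real use filenamify itself would be passed as the `sanitize` argument.

```javascript
// Added example. standInSanitize is a simplified stand-in (assumption) for the
// sanitizer: reserved characters replaced, base truncated, extension preserved.
function standInSanitize(input, { replacement = '!', maxLength = 100 } = {}) {
  const cleaned = input.replace(/[<>:"\/\\|?*]/g, replacement);
  if (cleaned.length <= maxLength) return cleaned;
  const dot = cleaned.lastIndexOf('.');
  if (dot === -1) return cleaned.slice(0, maxLength);
  const ext = cleaned.slice(dot);
  // Only the base shrinks, so a long extension can push the result past maxLength.
  return cleaned.slice(0, dot).slice(0, Math.max(1, maxLength - ext.length)) + ext;
}

// Hypothetical wrapper: sanitize, then re-check what the sanitizer cannot guarantee.
// The allow-list of extensions is an assumption of this example.
function safeUploadName(raw, sanitize,
    { maxLength = 100, allowedExts = ['.png', '.jpg', '.pdf'] } = {}) {
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: false, reason: 'empty' };
  }
  const name = sanitize(raw, { maxLength });
  // Caveat from the maxLength docs: the extension is never truncated.
  if (name.length > maxLength) {
    return { ok: false, reason: 'too-long' };
  }
  const dot = name.lastIndexOf('.');
  const ext = dot === -1 ? '' : name.slice(dot).toLowerCase();
  if (!allowedExts.includes(ext)) {
    return { ok: false, reason: 'extension' };
  }
  return { ok: true, name };
}

// Constructed sample inputs, checked against a 20-character limit.
const samples = [
  'invoice:2024/q1.pdf',       // reserved characters, allowed extension
  'x'.repeat(300) + '.png',    // long base: truncated to fit
  'a.' + 'x'.repeat(40),       // long extension: survives truncation
  'notes.exe',                 // extension outside the allow-list
];
for (const s of samples) {
  const result = safeUploadName(s, standInSanitize, { maxLength: 20 });
  console.log(JSON.stringify(s.slice(0, 24)), JSON.stringify(result));
}
```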
You can also import filenamify/browser, which only imports filenamify and not filenamifyPath, which relies on path being available or polyfilled. Importing filenamify this way is therefore useful when it is shipped using webpack or similar tools, and if filenamifyPath is not needed.
import filenamify from 'filenamify/browser';
filenamify('<foo/bar>');
//=> '!foo!bar!'
FAQs
Convert a string to a valid safe filename
The npm package filenamify receives a total of 3,612,451 weekly downloads. As such, filenamify's popularity was classified as popular.
We found that filenamify demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.