Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
find-root
recursively find the closest package.json
usage
Say you want to check if the directory name of a project matches its module name in package.json:
const path = require('path')
const findRoot = require('find-root')
// from a starting directory, recursively search for the nearest
// directory containing package.json
const root = findRoot('/Users/jsdnxx/Code/find-root/tests')
// => '/Users/jsdnxx/Code/find-root'
const dirname = path.basename(root)
console.log('is it the same?')
console.log(dirname === require(path.join(root, 'package.json')).name)
You can also pass in a custom check function (by default, it checks for the
existence of package.json in a directory). In this example, we traverse up
to find the root of a git repo:
const fs = require('fs')
const gitRoot = findRoot('/Users/jsdnxx/Code/find-root/tests', function (dir) {
return fs.existsSync(path.resolve(dir, '.git'))
})
api
findRoot: (startingPath : string, check?: (dir: string) => boolean) => string
Returns the path for the nearest directory to startingPath containing
a package.json file, eg /foo/module.
If check is provided, returns the path for the closest parent directory
where check returns true.
Throws an error if no package.json is found at any level in the
startingPath.
installation
> npm install find-root
running the tests
From package root:
> npm install
> npm test
contributors
- jsdnxx
license
MIT. (c) 2017 jsdnxx
Other packages similar to find-root
pkg-dir
The 'pkg-dir' package provides similar functionality to 'find-root' by finding the closest package.json file in the directory tree. It is a more popular package with additional options and a promise-based API.
app-root-path
The 'app-root-path' package is used to determine the root path of the node application. Unlike 'find-root', which looks for the nearest package.json, 'app-root-path' uses a different heuristic that might be more suitable for certain applications.
root-require
The 'root-require' package allows you to require modules relative to the root of your Node.js project. It is similar to 'find-root' in that it helps with resolving paths in a project, but it is specifically tailored for requiring modules.
FAQs
find the closest package.json
The npm package find-root receives a total of 13,040,053 weekly downloads. As such, find-root popularity was classified as popular.
We found that find-root demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Jun 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025