
Research
NPM targeted by malware campaign mimicking familiar library names
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
The find-up npm package is a utility that allows you to find and read files or directories by traversing up the file system. It's useful for finding configuration files and other resources that may be located in a parent directory relative to the current working directory.
Find a file by name
This feature allows you to find a file by its name, starting from the current directory and searching upwards through the parent directories.
const findUp = require('find-up');
(async () => {
const filePath = await findUp('unicorn.png');
console.log(filePath);
//=> '/Users/sindresorhus/unicorn.png'
})();
Find a file using a matcher function
This feature allows you to use a custom matcher function to find a file. The function receives the current directory and returns the path to stop at or `undefined` to continue searching.
const findUp = require('find-up');
(async () => {
const filePath = await findUp(directory => directory === '/Users/sindresorhus' ? 'unicorn.png' : undefined);
console.log(filePath);
//=> '/Users/sindresorhus/unicorn.png'
})();
Find a file with a specific name in an array of names
This feature allows you to pass an array of file names to `findUp`, and it will return the first file found with one of those names.
const findUp = require('find-up');
(async () => {
const filePath = await findUp(['rainbow.png', 'unicorn.png']);
console.log(filePath);
//=> '/Users/sindresorhus/unicorn.png'
})();
The locate-path package is similar to find-up as it also searches for files or directories by traversing up the directory tree. However, locate-path does not provide the convenience methods for matching files that find-up does.
The pkg-up package is designed specifically to find the closest package.json file in the directory tree. It is a more specialized tool compared to find-up, which can search for any file or directory.
findup-sync is similar to find-up but uses glob patterns for searching and is based on the micromatch library. It provides a synchronous API, unlike find-up which is promise-based and supports async/await.
Find a file or directory by walking up parent directories
npm install find-up
/
└── Users
└── sindresorhus
├── unicorn.png
└── foo
└── bar
├── baz
└── example.js
example.js
import path from 'node:path';
import {findUp, pathExists} from 'find-up';
console.log(await findUp('unicorn.png'));
//=> '/Users/sindresorhus/unicorn.png'
console.log(await findUp(['rainbow.png', 'unicorn.png']));
//=> '/Users/sindresorhus/unicorn.png'
console.log(await findUp(async directory => {
const hasUnicorns = await pathExists(path.join(directory, 'unicorn.png'));
return hasUnicorns && directory;
}, {type: 'directory'}));
//=> '/Users/sindresorhus'
Returns a Promise
for either the path or undefined
if it could not be found.
Returns a Promise
for either the first path found (by respecting the order of the array) or undefined
if none could be found.
Returns a Promise
for either an array of paths or an empty array if none could be found.
Returns a Promise
for either an array of the first paths found (by respecting the order of the array) or an empty array if none could be found.
Returns a path or undefined
if it could not be found.
Returns the first path found (by respecting the order of the array) or undefined
if none could be found.
Returns an array of paths or an empty array if none could be found.
Returns an array of the first paths found (by respecting the order of the array) or an empty array if none could be found.
Type: string
The name of the file or directory to find.
Type: Function
A function that will be called with each directory until it returns a string
with the path, which stops the search, or the root directory has been reached and nothing was found. Useful if you want to match files with certain patterns, set of permissions, or other advanced use-cases.
When using async mode, the matcher
may optionally be an async or promise-returning function that returns the path.
Type: object
Type: URL | string
Default: process.cwd()
The directory to start from.
Type: string
Default: 'file'
Values: 'file' | 'directory'
The type of path to match.
Type: boolean
Default: true
Allow symbolic links to match if they point to the chosen path type.
Type: URL | string
Default: Root directory
A directory path where the search halts if no matches are found before reaching this point.
Returns a Promise<boolean>
of whether the path exists.
Returns a boolean
of whether the path exists.
Type: string
The path to a file or directory.
A Symbol
that can be returned by a matcher
function to stop the search and cause findUp
to immediately return undefined
. Useful as a performance optimization in case the current working directory is deeply nested in the filesystem.
import path from 'node:path';
import {findUp, findUpStop} from 'find-up';
await findUp(directory => {
return path.basename(directory) === 'work' ? findUpStop : 'logo.png';
});
require.resolve()
but from a given pathFAQs
Find a file or directory by walking up parent directories
The npm package find-up receives a total of 122,214,890 weekly downloads. As such, find-up popularity was classified as popular.
We found that find-up demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
Research
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.
Research
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.