Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
npm install -g findup
Find up a file in ancestor's dir
.
├── config.json
└── f
└── e
└── d
└── c
├── b
│ └── a
└── config.json
findup(dir, fileName, callback)
findup(dir, iterator, callback) with iterator(dir, cb)
where cb only accept true
or false
var findup = require('findup');
findup(__dirname + '/f/e/d/c/b/a', 'config.json', function(err, dir){
// if(e) e === new Error('not found')
// dir === '/f/e/d/c'
});
or
findup(__dirname + '/f/e/d/c/b/a', function(dir, cb){
require('path').exists(dir + '/config.json', cb);
}, function(err, dir){
// if(e) e === new Error('not found')
// dir === '/f/e/d/c'
});
findup(dir, fileName)
var findup = require('findup');
var fup = findup(__dirname + '/f/e/d/c/b/a', 'config.json');
findup(dir, iterator) with iterator(dir, cb)
where cb only accept true
or false
var findup = require('findup');
var fup = findup(__dirname + '/f/e/d/c/b/a', function(dir, cb){
require('path').exists(dir + '/config.json', cb);
});
findup return an EventEmitter. 3 events are emitted: found
, error
, end
found
event is emitted each time a file is found.
You can stop the traversing by calling stop
manually.
fup.on('found', function(dir){
// dir === '/f/e/d/c'
fup.stop();
});
error
event is emitted when error happens
fup.on('error', function(e){
// if(e) e === new Error('not found')
});
end
event is emitted at the end of the traversing or after stop()
is
called.
fup.on('end', function(){
// happy end
});
findup(dir, fileName)
findup(dir, iteratorSync) with iteratorSync
return true
or false
var findup = require('findup');
try{
var dir = findup.sync(__dirname + '/f/e/d/c/b/a', 'config.json'); // dir === '/f/e/d/c'
}catch(e){
// if(e) e === new Error('not found')
}
npm install -g findup
$ cd test/fixture/f/e/d/c/b/a/
$ findup package.json
/root/findup/package.json
Usage
$ findup -h
Usage: findup [FILE]
--name, -n The name of the file to found
--dir, -d The directoy where we will start walking up $PWD
--help, -h show usage false
--verbose, -v print log false
FAQs
Walk up ancester's dir up to root
The npm package findup receives a total of 237,081 weekly downloads. As such, findup popularity was classified as popular.
We found that findup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.