Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
glob-promise
Advanced tools
The glob-promise package is a wrapper for the 'glob' library that provides a way to use glob functionality with promises instead of callbacks. This allows for better integration with modern JavaScript's async/await syntax and improves the readability and maintainability of asynchronous file pattern matching code.
Asynchronous file pattern matching
Use glob patterns to asynchronously find files and directories in your project that match the given pattern. The function returns a promise that resolves with an array of matching paths.
const glob = require('glob-promise');

async function findFiles(pattern) {
  try {
    const files = await glob(pattern);
    console.log(files);
  } catch (error) {
    console.error('Error matching files:', error);
  }
}

findFiles('**/*.js');
Synchronous file pattern matching
Provides a synchronous method to perform file pattern matching, which can be useful in scenarios where asynchronous operations are not possible or desired.
const glob = require('glob-promise');

function findFilesSync(pattern) {
  try {
    const files = glob.sync(pattern);
    console.log(files);
  } catch (error) {
    console.error('Error matching files:', error);
  }
}

findFilesSync('**/*.js');
Options customization
Allows customization of the file matching process by passing an options object. This can include ignoring certain patterns, specifying the root directory, and more.
const glob = require('glob-promise');

async function findFilesWithIgnores(pattern, ignores) {
  const options = { ignore: ignores };
  try {
    const files = await glob(pattern, options);
    console.log(files);
  } catch (error) {
    console.error('Error matching files:', error);
  }
}

findFilesWithIgnores('**/*.js', ['node_modules/**']);
fast-glob is an alternative to glob-promise that is focused on speed and efficiency. It supports promises and async/await out of the box and offers a similar API. It is often faster due to its use of optimized algorithms and filesystem caching.
node-glob, also known as simply 'glob', is the underlying library that glob-promise wraps. It provides the core functionality of file pattern matching but uses a callback-based API instead of promises.
tiny-glob is a minimalistic file globbing library that is designed to be small and fast. It supports an async API but does not have as many features as glob-promise or fast-glob, making it a good choice for simpler use cases or environments where bundle size is a concern.
Match files using the patterns the shell uses, like stars and stuff.
[!IMPORTANT]
Glob has native Promise support as of v9.0.0, please use it directly. I will not issue a deprecation notice on this package, because I can't deal with the volume of angry tickets that will follow.
npm install glob-promise glob
glob is set as a peerDependency in package.json.
npm >= 7 will automatically install peerDependencies.
npm <= 6 will not automatically install peerDependencies. You will need to manually add glob as a dependency to your project for glob-promise to work.
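The two notes above (glob has native Promise support from v9.0.0, and npm <= 6 does not install the glob peer dependency) can be checked against a lockfile. The following is an added example, not code from the glob-promise project or from Socket; the function names and the sample lockfile objects are constructed for illustration, and it assumes the `packages` map of an npm lockfileVersion 2 or 3 package-lock.json.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" map)
// for glob-promise installs and the glob version each one resolves to.

// Walk up nested node_modules directories the way Node resolves a dependency.
function resolveFrom(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return packages[candidate];
    if (!dir) return null;
    const idx = dir.lastIndexOf('/node_modules/');
    dir = idx === -1 ? '' : dir.slice(0, idx);
  }
}

function auditGlobPromise(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const path of Object.keys(packages)) {
    if (!path.endsWith('node_modules/glob-promise')) continue;
    const dep = resolveFrom(packages, path, 'glob');
    if (!dep) {
      // Peer dependency was never installed (the npm <= 6 case).
      findings.push({ path, status: 'glob-missing' });
      continue;
    }
    const major = parseInt(String(dep.version).split('.')[0], 10);
    findings.push({ path, globVersion: dep.version,
      status: major >= 9 ? 'wrapper-redundant' : 'wrapper-needed' });
  }
  return findings;
}

// Constructed sample lockfiles (version numbers are illustrative).
const hoisted = { packages: {
  '': { name: 'app' },
  'node_modules/glob': { version: '10.3.10' },
  'node_modules/glob-promise': { version: '6.0.5' } } };
const nested = { packages: {
  'node_modules/glob': { version: '10.3.10' },
  'node_modules/tool/node_modules/glob': { version: '7.2.3' },
  'node_modules/tool/node_modules/glob-promise': { version: '4.2.2' } } };
const peerMissing = { packages: {
  'node_modules/glob-promise': { version: '6.0.5' } } };

for (const lock of [hoisted, nested, peerMissing]) {
  console.log(JSON.stringify(auditGlobPromise(lock)));
}
```

To audit a real project, pass the parsed contents of its package-lock.json to auditGlobPromise; every 'wrapper-redundant' finding is a dependency that can be dropped in favour of calling glob directly.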
glob(pattern [, options])
Alias for glob.promise
glob.promise(pattern [, options])
pattern: String (glob pattern)
options: Object or String
Return: Object (Promise)
When it finishes, it will be fulfilled with an Array of filenames as its first argument.
When it fails to read the files, it will be rejected with an error as its first argument.
glob('**/*')
  .then(function(contents) {
    contents; //=> ['lorem', 'ipsum', 'dolor']
  });

glob('{foo,bar.baz}.txt', { nobrace: true })
  .then(function(contents) {
    contents; //=> []
  });
glob.glob(pattern [, options], cb)
see glob
glob.sync(pattern [, options])
see glob.sync()
glob.hasMagic(pattern, [options])
see glob.hasMagic()
Class: glob.Glob
see Glob
The option object will be directly passed to glob.
Author: Ahmad Nassri • Twitter: @AhmadNassri
FAQs
Promise version of glob
The npm package glob-promise receives a total of 3,011,058 weekly downloads. As such, glob-promise popularity was classified as popular.
We found that glob-promise demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.