Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
glob-whatev
Advanced tools
A quick and dirty synchronous file globbing utility based on minimatch.
I wanted to make grunt work on Windows. Unfortunately, node-glob doesn't work on Windows, and miniglob isn't synchronous. And this needed to be synchronous.
This library works with any path that minimatch supports, and is the core of the grunt wildcard globbing methods.
To be fair, this library isn't terribly efficient. But that's ok, because it's mainly used with relatively small folder structures. Maybe someone will help improve this library (patches welcome!). Or maybe even write a better library, and then I'll use that instead. But for now, this works just fine.
First, install the module with: npm install glob-whatev
var globsync = require('glob-whatev');
// Relative patterns are matched against the current working directory.
globsync.glob('foo/**/*.js').forEach(function(filepath) {
// do stuff with `filepath`
});
// Basically, it works like this.
globsync.glob(globPattern [, minimatchOptions])
// Also, minimatch is exposed in case you just want to match patterns, eg.
var isJS = globsync.minimatch(file, '*.js', {matchBase: true});
In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code using grunt.
options.cwd
option to allow searching from a different base directory than process.cwd()
. Added options.maxDepth
unit tests.matchBase
minimatch option with simple patterns would fail.Copyright (c) 2012 "Cowboy" Ben Alman
Licensed under the MIT license.
http://benalman.com/about/license/
FAQs
A quick and dirty file globbing utility based on minimatch.
We found that glob-whatev demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.