Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
global-modules-path
Advanced tools
Returns path to globally installed package.
In order to use this package you need:
npm --version
from your default terminal).The module has a single public method called getPath
. It requires at least one argument - the name of the globally installed package that you need.
In case the package is not installed, getPath
will return null.
getPath
will throw error in case the OS is NOT supported. Supported OS are:
process.platform
returns win32
)process.platform
returns darwin
)process.platform
returns linux
)Example:
let pathToPackage = require("global-modules-path").getPath("packageName");
The method returns the path to globally installed package or null. The code constructs the path based on the result of npm config get prefix
and checks if the package exists.
Example:
let pathToPackage = require("global-modules-path").getPath("packageName", "executableName");
The method returns the path to globally installed package or null. The code constructs the path based on the result of npm config get prefix
and checks if the package exists. In case the package cannot be found in this way, the executableName
is used to determine if the package is globally installed.
where executableName
command and parses the result.ls -l executableName
and which executableName
and parses the results.NOTE: In some cases the executable name is not the same as the package name.
FAQs
Returns path to globally installed package
The npm package global-modules-path receives a total of 27,078 weekly downloads. As such, global-modules-path popularity was classified as popular.
We found that global-modules-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.