Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The globby npm package is a JavaScript library that provides a convenient interface for file system pattern matching using glob patterns. It is built on top of node-glob and fast-glob, offering a powerful and flexible way to match file paths against specified patterns. It supports multiple patterns, negated patterns, and can handle file system operations asynchronously or synchronously.
Asynchronous file pattern matching
This feature allows you to match files using glob patterns asynchronously. The example code shows how to match all files in a directory and its subdirectories, excluding the 'node_modules' directory.
const globby = require('globby');
globby(['**/*', '!node_modules']).then(paths => {
console.log(paths);
});
Synchronous file pattern matching
This feature allows you to match files using glob patterns synchronously. The example code demonstrates how to perform the same operation as the asynchronous example, but in a synchronous manner.
const globby = require('globby');
const paths = globby.sync(['**/*', '!node_modules']);
console.log(paths);
Expand directories
This feature automatically expands directory patterns to match files with specified extensions. The example code matches all JavaScript and TypeScript files within the 'src' directory.
const globby = require('globby');
globby(['src/**'], { expandDirectories: ['js', 'ts'] }).then(paths => {
console.log(paths);
});
Stream interface
This feature provides a stream interface for handling large sets of matched files. The example code creates a stream that emits paths for all files in a directory and its subdirectories.
const globby = require('globby');
const stream = globby.stream('**/*');
stream.on('data', path => {
console.log(path);
});
fast-glob is a fast and efficient library for pattern matching. It is one of the underlying libraries used by globby. Compared to globby, fast-glob provides lower-level control but lacks some convenience features like negated patterns and directory expansion.
node-glob is the original glob implementation for Node.js. It is also used by globby under the hood. While it is feature-rich, globby provides a more modern and simpler API, as well as additional features like promise support and multiple pattern matching.
micromatch is a minimal matching utility that provides glob matching functionality. It is designed to be faster and more efficient than node-glob. However, globby offers a more user-friendly API and additional features like asynchronous matching and directory expansion.
User-friendly glob matching
Based on fast-glob
but adds a bunch of useful features.
['foo*', '!foobar']
foo
→ foo/**/*
.gitignore
and similar ignore config filesURL
as cwd
$ npm install globby
├── unicorn
├── cake
└── rainbow
import {globby} from 'globby';
const paths = await globby(['*', '!cake']);
console.log(paths);
//=> ['unicorn', 'rainbow']
Note that glob patterns can only contain forward-slashes, not backward-slashes, so if you want to construct a glob pattern from path components, you need to use path.posix.join()
instead of path.join()
.
Returns a Promise<string[]>
of matching paths.
Type: string | string[]
See supported minimatch
patterns.
Type: object
See the fast-glob
options in addition to the ones below.
Type: boolean | string[] | object
Default: true
If set to true
, globby
will automatically glob directories for you. If you define an Array
it will only glob files that matches the patterns inside the Array
. You can also define an object
with files
and extensions
like below:
import {globby} from 'globby';
(async () => {
const paths = await globby('images', {
expandDirectories: {
files: ['cat', 'unicorn', '*.jpg'],
extensions: ['png']
}
});
console.log(paths);
//=> ['cat.png', 'unicorn.png', 'cow.jpg', 'rainbow.jpg']
})();
Note that if you set this option to false
, you won't get back matched directories unless you set onlyFiles: false
.
Type: boolean
Default: false
Respect ignore patterns in .gitignore
files that apply to the globbed files.
Type: string | string[]
Default: undefined
Glob patterns to look for ignore files, which are then used to ignore globbed files.
This is a more generic form of the gitignore
option, allowing you to find ignore files with a compatible syntax. For instance, this works with Babel's .babelignore
, Prettier's .prettierignore
, or ESLint's .eslintignore
files.
Returns string[]
of matching paths.
Returns a stream.Readable
of matching paths.
Since Node.js 10, readable streams are iterable, so you can loop over glob matches in a for await...of
loop like this:
import {globbyStream} from 'globby';
(async () => {
for await (const path of globbyStream('*.tmp')) {
console.log(path);
}
})();
Returns an Promise<object[]>
in the format {patterns: string[], options: Object}
, which can be passed as arguments to fast-glob
. This is useful for other globbing-related packages.
Note that you should avoid running the same tasks multiple times as they contain a file system cache. Instead, run this method each time to ensure file system changes are taken into consideration.
Returns an object[]
in the format {patterns: string[], options: Object}
, which can be passed as arguments to fast-glob
. This is useful for other globbing-related packages.
Takes the same arguments as generateGlobTasks
.
Returns a boolean
of whether there are any special glob characters in the patterns
.
Note that the options affect the results.
This function is backed by fast-glob
.
Returns a Promise<(path: URL | string) => boolean>
indicating whether a given path is ignored via a .gitignore
file.
Takes cwd?: URL | string
as options.
import {isGitIgnored} from 'globby';
const isIgnored = await isGitIgnored();
console.log(isIgnored('some/file'));
Returns a (path: URL | string) => boolean
indicating whether a given path is ignored via a .gitignore
file.
Takes cwd?: URL | string
as options.
Just a quick overview.
*
matches any number of characters, but not /
?
matches a single character, but not /
**
matches any number of characters, including /
, as long as it's the only thing in a path part{}
allows for a comma-separated list of "or" expressions!
at the beginning of a pattern will negate the matchVarious patterns and expected matches.
Available as part of the Tidelift Subscription.
The maintainers of globby and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
User-friendly glob matching
The npm package globby receives a total of 59,556,202 weekly downloads. As such, globby popularity was classified as popular.
We found that globby demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.