Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The globby npm package is a JavaScript library that provides a convenient interface for file system pattern matching using glob patterns. It is built on top of node-glob and fast-glob, offering a powerful and flexible way to match file paths against specified patterns. It supports multiple patterns, negated patterns, and can handle file system operations asynchronously or synchronously.
Asynchronous file pattern matching
This feature allows you to match files using glob patterns asynchronously. The example code shows how to match all files in a directory and its subdirectories, excluding the 'node_modules' directory.
const globby = require('globby');
globby(['**/*', '!node_modules']).then(paths => {
  console.log(paths);
});
Synchronous file pattern matching
This feature allows you to match files using glob patterns synchronously. The example code demonstrates how to perform the same operation as the asynchronous example, but in a synchronous manner.
const globby = require('globby');
const paths = globby.sync(['**/*', '!node_modules']);
console.log(paths);
Expand directories
This feature automatically expands directory patterns to match files with specified extensions. The example code matches all JavaScript and TypeScript files within the 'src' directory.
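const globby = require('globby');
// Pass the directory itself; the `extensions` key limits the expansion to .js and .ts files.
globby(['src'], { expandDirectories: { extensions: ['js', 'ts'] } }).then(paths => {
  console.log(paths);
});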
Stream interface
This feature provides a stream interface for handling large sets of matched files. The example code creates a stream that emits paths for all files in a directory and its subdirectories.
const globby = require('globby');
const stream = globby.stream('**/*');
stream.on('data', path => {
  console.log(path);
});
fast-glob is a fast and efficient library for pattern matching. It is one of the underlying libraries used by globby. Compared to globby, fast-glob provides lower-level control but lacks some convenience features like negated patterns and directory expansion.
node-glob is the original glob implementation for Node.js. It is also used by globby under the hood. While it is feature-rich, globby provides a more modern and simpler API, as well as additional features like promise support and multiple pattern matching.
micromatch is a minimal matching utility that provides glob matching functionality. It is designed to be faster and more efficient than node-glob. However, globby offers a more user-friendly API and additional features like asynchronous matching and directory expansion.
User-friendly glob matching
Based on fast-glob but adds a bunch of useful features.
['foo*', '!foobar']
foo → foo/**/*
.gitignore
$ npm install globby
├── unicorn
├── cake
└── rainbow
const globby = require('globby');
(async () => {
  const paths = await globby(['*', '!cake']);
  console.log(paths);
  //=> ['unicorn', 'rainbow']
})();
Note that glob patterns can only contain forward-slashes, not backward-slashes, so if you want to construct a glob pattern from path components, you need to use path.posix.join() instead of path.join().
Returns a Promise<string[]> of matching paths.
Type: string | string[]
See supported minimatch patterns.
Type: object
See the fast-glob options in addition to the ones below.
Type: boolean | string[] | object
Default: true
If set to true, globby will automatically glob directories for you. If you define an Array, it will only glob files that match the patterns inside the Array. You can also define an object with files and extensions like below:
const globby = require('globby');
(async () => {
  const paths = await globby('images', {
    expandDirectories: {
      files: ['cat', 'unicorn', '*.jpg'],
      extensions: ['png']
    }
  });
  console.log(paths);
  //=> ['cat.png', 'unicorn.png', 'cow.jpg', 'rainbow.jpg']
})();
Note that if you set this option to false, you won't get back matched directories unless you set onlyFiles: false.
Type: boolean
Default: false
Respect ignore patterns in .gitignore files that apply to the globbed files.
Returns string[] of matching paths.
Returns a stream.Readable of matching paths.
Since Node.js 10, readable streams are iterable, so you can loop over glob matches in a for await...of loop like this:
const globby = require('globby');
(async () => {
  for await (const path of globby.stream('*.tmp')) {
    console.log(path);
  }
})();
Returns an object[] in the format {pattern: string, options: Object}, which can be passed as arguments to fast-glob. This is useful for other globbing-related packages.
Note that you should avoid running the same tasks multiple times as they contain a file system cache. Instead, run this method each time to ensure file system changes are taken into consideration.
Returns a boolean of whether there are any special glob characters in the patterns.
Note that the options affect the results.
This function is backed by fast-glob.
Returns a Promise<(path: string) => boolean> indicating whether a given path is ignored via a .gitignore file.
Takes cwd?: string and ignore?: string[] as options. .gitignore files matched by the ignore config are not used for the resulting filter function.
const {gitignore} = require('globby');
(async () => {
  const isIgnored = await gitignore();
  console.log(isIgnored('some/file'));
})();
Returns a (path: string) => boolean indicating whether a given path is ignored via a .gitignore file.
Takes the same options as globby.gitignore.
Just a quick overview.
* matches any number of characters, but not /
? matches a single character, but not /
** matches any number of characters, including /, as long as it's the only thing in a path part
{} allows for a comma-separated list of "or" expressions
! at the beginning of a pattern will negate the match
Various patterns and expected matches.
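Include and exclude globs often decide which files a build, lint or scan step sees, so it helps to see the rules above and the forward-slash note from the API section executed. The following is an added example, not code from globby or fast-glob: a simplified matcher using only Node.js built-ins, where globToRegExp, matchPaths and the sample paths are constructed for illustration, brace alternatives are treated as literals, and a backslash is assumed to escape the next character.

```javascript
// Added illustration, not globby's or fast-glob's code: a simplified matcher
// for the rules listed above, using only Node.js built-ins.
const path = require('path');

const escapeRe = s => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Translate one glob (no leading '!') into an anchored RegExp.
function globToRegExp(glob) {
  let re = '';
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === '\\') {                       // assumption: backslash escapes the next character
      re += escapeRe(glob[++i] || '');
    } else if (c === '*' && glob[i + 1] === '*') {
      if (glob[i + 2] === '/') { re += '(?:.*/)?'; i += 2; } // '**/' spans zero or more directories
      else { re += '.*'; i += 1; }
    } else if (c === '*') {
      re += '[^/]*';                        // '*' never crosses '/'
    } else if (c === '?') {
      re += '[^/]';                         // exactly one character, not '/'
    } else if (c === '{' && glob.indexOf('}', i) !== -1) {
      const end = glob.indexOf('}', i);     // {a,b}: literal alternatives only
      re += '(?:' + glob.slice(i + 1, end).split(',').map(escapeRe).join('|') + ')';
      i = end;
    } else {
      re += escapeRe(c);
    }
  }
  return new RegExp('^' + re + '$');
}

// Keep paths that match any positive pattern and no '!'-negated pattern.
function matchPaths(paths, patterns) {
  const positive = patterns.filter(p => !p.startsWith('!')).map(globToRegExp);
  const negative = patterns.filter(p => p.startsWith('!')).map(p => globToRegExp(p.slice(1)));
  return paths.filter(f => positive.some(r => r.test(f)) && !negative.some(r => r.test(f)));
}

// Constructed sample paths (not read from disk).
const files = ['unicorn', 'cake', 'rainbow', 'src/lib/a.js', 'src/lib/deep/b.ts'];

console.log(matchPaths(files, ['*', '!cake']));          // same patterns as the usage example
console.log(matchPaths(files, ['src/**/*.{js,ts}']));
// path.win32.join yields 'src\lib\*.js': the backslashes act as escapes, so nothing matches.
console.log(matchPaths(files, [path.win32.join('src', 'lib', '*.js')]));
console.log(matchPaths(files, [path.posix.join('src', 'lib', '*.js')]));
```

An exclude pattern built with backslashes fails the same way: it matches nothing, so the files it was meant to exclude stay in the result.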
Available as part of the Tidelift Subscription.
The maintainers of globby and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
User-friendly glob matching
We found that globby demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.