graceful-fs
The graceful-fs npm package is a drop-in replacement for the fs module in Node.js that offers improved error handling and queuing of file system operations to avoid EMFILE errors when too many files are opened at once. It provides a wrapper around the native fs module, smoothing out various edge cases and providing a more robust interface for file system operations.
Queueing file system operations
This feature queues file system operations to avoid EMFILE errors, which occur when too many files are opened simultaneously. The code sample demonstrates reading a file using graceful-fs, which will queue the operation if the file descriptor limit is reached.
const gracefulFs = require('graceful-fs');
gracefulFs.readFile('/path/to/file', 'utf8', (err, data) => {
  if (err) throw err;
  console.log(data);
});
Retrying on failure
graceful-fs will automatically retry file system operations that fail with transient errors, such as EAGAIN or EINTR. The code sample shows writing data to a file with automatic retry on failure.
const gracefulFs = require('graceful-fs');
gracefulFs.writeFile('/path/to/file', 'data', (err) => {
  if (err) throw err;
  console.log('File written successfully');
});
Polymorphic approach to fs methods
graceful-fs can be used as a drop-in replacement for the native fs module, providing a polymorphic approach to file system methods. The code sample demonstrates replacing the native fs.readFile with gracefulFs.readFile.
const gracefulFs = require('graceful-fs');
const fs = require('fs');
// graceful-fs can be used as a drop-in replacement
fs.readFile = gracefulFs.readFile;
fs.readFile('/path/to/file', 'utf8', (err, data) => {
  if (err) throw err;
  console.log(data);
});
fs-extra is a package that builds upon the native fs module, providing additional methods and ensuring consistency across different platforms. It includes all the methods from graceful-fs and adds more utility functions, such as copy, move, and remove, which are not found in graceful-fs.
node-fs-extra is a fork of fs-extra that aims to offer the same extended functionality. It is similar to graceful-fs in that it provides additional file system methods, but it also includes extra features and utilities for working with the file system.
write-file-atomic is a package that focuses on writing files atomically to prevent corruption. While graceful-fs improves general file system reliability, write-file-atomic specifically ensures that file writes are completed fully before replacing the original file, which is a narrower scope of functionality.
graceful-fs functions as a drop-in replacement for the fs module, making various improvements.
The improvements are meant to normalize behavior across different platforms and environments, and to make filesystem access more resilient to errors.
graceful-fs:
Queues up open and readdir calls, and retries them once something closes if there is an EMFILE error from too many file descriptors.
Fixes lchmod for Node versions prior to 0.6.2.
Implements fs.lutimes if possible. Otherwise it becomes a noop.
Ignores EINVAL and EPERM errors in chown, fchown or lchown if the user isn't root.
Makes lchmod and lchown become noops, if not available.
Retries reading a file if read results in EAGAIN error.
On Windows, it retries renaming a file for up to one second if EACCES or EPERM error occurs, likely because antivirus software has locked the directory.
// use just like fs
var fs = require('graceful-fs')
// now go and do stuff with it...
fs.readFileSync('some-file-or-whatever')
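The EMFILE queue-and-retry behaviour described above, as an added example that is not graceful-fs source code. The names makeFakeFs, withEmfileQueue and demoEmfileQueue are hypothetical, and the fake file system with a limit of two descriptors is constructed so the run is deterministic and needs no real files.

```javascript
// Constructed stand-in for fs.open/fs.close with a tiny descriptor limit.
function makeFakeFs(limit) {
  let openCount = 0, nextFd = 3;
  return {
    open(path, cb) {
      if (openCount >= limit) {
        const err = new Error(`EMFILE: too many open files, open '${path}'`);
        err.code = 'EMFILE';
        return cb(err);
      }
      openCount++;
      cb(null, nextFd++);
    },
    close(fd, cb) { openCount--; cb(null); },
  };
}
// Hypothetical wrapper: park open() calls that hit EMFILE, retry after a close().
function withEmfileQueue(rawFs) {
  const pending = [];
  function open(path, cb) {
    rawFs.open(path, (err, fd) => {
      if (err && err.code === 'EMFILE') {
        pending.push([path, cb]); // hold the call instead of surfacing the error
        return;
      }
      cb(err, fd); // every other error reaches the caller unchanged
    });
  }
  function close(fd, cb) {
    rawFs.close(fd, (err) => {
      cb(err);
      const next = pending.shift(); // oldest parked call goes first
      if (next) open(next[0], next[1]); // re-parks itself if still at the limit
    });
  }
  return { open, close, pendingCount: () => pending.length };
}
// Three opens against a limit of two: the third waits for the first close.
function demoEmfileQueue() {
  const qfs = withEmfileQueue(makeFakeFs(2));
  const events = [], fds = [];
  for (const p of ['a', 'b', 'c']) {
    qfs.open(p, (err, fd) => { events.push(err ? err.code : `open ${p}`); fds.push(fd); });
  }
  const parked = qfs.pendingCount();
  qfs.close(fds[0], () => events.push('close'));
  return { parked, events, stillParked: qfs.pendingCount() };
}
```

In this sketch a parked call waits until some close happens, so a descriptor leak shows up as a callback that never fires rather than as an EMFILE error.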
FAQs
A drop-in replacement for fs, making various improvements.
The npm package graceful-fs receives a total of 54,409,486 weekly downloads. As such, graceful-fs is classified as popular.
We found that graceful-fs has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.