Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
grunt-hash-files
Advanced tools
Copies files to a directory that includes a hash of the contents of those files.
Copies files to a directory that includes a hash of the contents of those files.
This plugin requires Grunt ~0.4.2
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins. Once you're familiar with that process, you may install this plugin with this command:
npm install grunt-hash-files --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.loadNpmTasks('grunt-hash-files');
In your project's Gruntfile, add a section named hash_files
to the data object passed into grunt.initConfig()
.
grunt.initConfig({
hash_files: {
options: {
// Task-specific options go here.
},
your_target: {
// Target-specific file lists and/or options go here.
},
},
});
Type: String
Default value: "sha1"
A string value that is the type of hashing algorithm to use. Must be either "sha1" or "md5".
Type: Number
Default value: undefined
The number of characters from the beginning of the hash value to use. When set to undefined, all characters are used.
Type: String
Default value: "{hash}"
The string used as a token for where the actual hash value should be replaced.
Type: String
Default: grunt.file.defaultEncoding
The file encoding to copy files with.
Type: Boolean
or Number
Default: false
Whether to copy or set the existing file permissions. Set to true
to copy the existing file permissions. Or set to the mode, i.e.: 0644
, that copied files will be set to.
In this example, the default options are used to do something with whatever. So if the testing
file has the content Testing
and the 123
file had the content 1 2 3
, the generated result would be Testing, 1 2 3.
grunt.initConfig({
hash_files: {
options: {},
files: {
'dest/{hash}/': ['src/testing', 'src/123'],
},
},
});
In this example, custom options are used to do something else with whatever else. So if the testing
file has the content Testing
and the 123
file had the content 1 2 3
, the generated result in this case would be Testing: 1 2 3 !!!
grunt.initConfig({
hash_files: {
options: {
algorithm: 'md5',
numChars: 7,
token: '\<hash\>'
},
files: {
'dest/<token>/': ['src/testing', 'src/123'],
},
},
});
Here are some additional examples, given the following file tree:
$ tree -I node_modules
.
├── Gruntfile.js
└── src
├── a
└── subdir
└── b
2 directories, 3 files
Copy a single file tree:
hash_files: {
main: {
src: 'src/*',
dest: '{hash}/'
}
},
$ grunt hash-files
Running "hash_files:main" (hash_files) task
Created 1 directories, copied 1 files
Done, without errors.
$ tree -I node_modules
.
├── Gruntfile.js
├── bdb72f90802abc542e79d0e6eb809d7ed71b0f00
│ └── src
│ ├── a
│ └── subdir
└── src
├── a
└── subdir
└── b
5 directories, 4 files
Flattening the filepath output:
hash_files: {
options: {
numChars: 8,
algorithm: 'md5'
},
main: {
expand: true,
cwd: 'src/',
src: '**',
dest: '{hash}/',
flatten: true,
filter: 'isFile'
}
},
$ grunt hash_files
Running "hash_files:main" (hash_files) task
Copied 2 files
Done, without errors.
$ tree -I node_modules
.
├── Gruntfile.js
├── 6a003f0e
│ ├── a
│ └── b
└── src
├── a
└── subdir
└── b
3 directories, 5 files
FAQs
Copies files to a directory that includes a hash of the contents of those files.
The npm package grunt-hash-files receives a total of 7 weekly downloads. As such, grunt-hash-files popularity was classified as not popular.
We found that grunt-hash-files demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.