Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gulp-webdav-sync
Advanced tools
curl -T "index.js" http://<user>:<pass>@localhost:8000/
curl -X MKCOL http://<user>:<pass>@localhost:8000/dir/
Pass a URL argument indicating a directory/collection on a WebDAV server. Include any HTTP authentication inline or in the options argument. HTTPS authentication must go in the options argument. Pipe to this module instead of gulp.dest()
.
var webdav = require( 'gulp-webdav-sync' )
// put index.js to http://localhost:8000/js/index.js
gulp.task( 'deploy', function () {
return gulp.src( 'index.js' )
.pipe( webdav( 'http://<user>:<pass>@localhost:8000/js/' ) )
} )
Extend a request options object. See request's documention for HTTP authentication, and TLS authentication/verification.
var webdav = require( 'gulp-webdav-sync' )
// put index.js to http://localhost:8000/js/index.js
gulp.task( 'deploy', function () {
var options = {
protocol: 'http:'
, auth: {
'user': '<user>'
, 'pass': '<pass>'
, 'sendImmediately': false // use http digest authentication
}
, hostname: 'localhost'
, port: 8000
, pathname: '/js/'
, log: 'info' // show status codes
, logAuth: true // show credentials in urls
}
return gulp.src( 'index.js' )
.pipe( webdav( options ) )
} )
Suppose the following directory tree,
and this destination,
use the 'base'
option to constrain the localpath mapping,
var webdav = require( 'gulp-webdav-sync' )
gulp.task( 'deploy', function () {
var options = {
'base': 'dist'
, 'log': 'info'
, 'port': 8000
}
return gulp.src( 'dist/**' )
.pipe( webdav( options ) )
} )
otherwise, the result is this.
By combining methods, most cases can be satisfied, however deleting directories may be inconsistent.
If any file changes or there is a creation in the path, then gulp.watch
will re-stream all files.
The uselastmodified
option ( default ) compares the local time to the server time so as to only upload updates.
Deletes emit a different object; not in the stream, but with a change
event.
browser-sync, npmconf, and .npmrc for a save-sync-reload solution.
npm set dav http://user:pass@localhost:8000/js/
var browserSync = require( 'browser-sync' ).create()
var webdav = require( 'gulp-webdav-sync' )
var npmconf = require( 'npmconf' )
var paths = {
'js': [ '*.js', '!gulpfile.js' ]
}
var href
var options = {
'log': 'info'
}
gulp.task( 'default', [ 'deploy' ], function () {
browserSync.init( { proxy: href } )
gulp.watch( paths.js, [ 'deploy' ] )
.on( 'change', webdav( href, options ).watch )
.on( 'change', browserSync.reload )
} )
gulp.task( 'deploy', [ 'load-npmrc' ], function () {
return gulp.src( paths.js )
.pipe( webdav( href, options ) )
} )
gulp.task( 'load-npmrc', function ( cb ) {
npmconf.load( null, function() {
if ( npmconf.loaded.sources.user ) {
href = npmconf.loaded.sources.user.data.dav
}
cb()
} )
} )
gulp-watch uses a different strategy of extending the file objects in stream.
It re-emits created, modified, and deleted files.
Delete/'unlink'
type events are attempted on the server as well.
var browserSync = require( 'browser-sync' ).create()
var watch = require( 'gulp-watch' )
var webdav = require( 'gulp-webdav-sync' )
var paths = {
'js': [ '*.js', '!gulpfile.js' ]
}
var href = 'http://localhost'
gulp.task( 'deploy', function () {
browserSync.init( { proxy: href } )
return gulp.src( paths.js )
.pipe( watch( paths.js ) )
.pipe( webdav( href, { log: 'info' } ) )
.pipe( browserSync.stream() )
} )
Target is a URL-type parameter whereto files are uploaded. It must specify a directory ( also known as a "collection" ). At a minimum this must be DAV root, but subdirectories may be included ( e.g. project name ). Part-wise definition across multiple arguments is undefined. Use the http:
or https:
scheme, not dav:
.
Deletes all resources under href
.
Callback adapter for 'change'
events from gulp.watch
. Only handles type: 'deleted'
events. gulp.src
does not push deleted files; use this or gulp-watch instead. Calls back regardless of event.type
.
Optional, asynchronous, callback function.
Type: Function
Default: undefined
glob-watcher event.
{
type: 'deleted'
, path: '/absolute/path.ext'
}
Type: Object
Default: undefined
Type: String
Default: undefined
Superset of request options parameter. If any URL properties are defined, then protocol
, hostname
, and pathname
are assigned to http://localhost/
.
If options.agent
is undefined
, then a http[s] agent will be created for the stream.
Type: Object
Default:
{
'clean': false
, 'headers': { 'User-Agent': PLUGIN_NAME + '/' + VERSION }
, 'log': 'error'
, 'logAuth': false
, 'base': process.cwd()
, 'uselastmodified': 1000
}
Relative or absolute path which halves the source path [vinyl.path
] for appending the subsequent to the DAV destination URI. Use with glob **
to prevent super-directories from being created on the destination. e.g. gulp.src( 'dist/**' )
.
Type: String
Default: process.cwd()
Deletes corresponding resources on server instead of uploading. Note, glob star-star will delete directories before contents are pushed.
Type: Boolean
Default: false
Logging threshold. Orthogonal to the console
methods.
string | output |
---|---|
'error' | |
'warn' | |
'info' | HTTP Responses |
'log' | Debug |
Type: String
Default: 'error'
Display credentials in logged URLs.
Type: Boolean
Default: false
Compare remote getlastmodified
versus local ( changed ) ctime
.
Only PUT
if ctime
is newer than getlastmodified
.
Numeric value in milliseconds is the tolerance interval for qualifying client-server synchronization.
Set to false to disable.
Type: Number
Default: 1000
ms
OpenSSL is required to generate certificates for unit testing.
cd gulp-webdav-sync
npm install
npm test
npm set dav http://<user>:<pass>@localhost:8000/
gulp
FAQs
Deploy files and folders via WebDAV
The npm package gulp-webdav-sync receives a total of 103 weekly downloads. As such, gulp-webdav-sync popularity was classified as not popular.
We found that gulp-webdav-sync demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.