ignore-walk
The ignore-walk npm package is a Node.js library used to create a list of files in a directory tree while honoring .ignore rules, similar to how tools like git and npm ignore files based on .gitignore or .npmignore files. It is particularly useful for applications that need to process file trees while excluding files that should be ignored according to specified patterns.
Walking a directory while respecting .ignore files
This feature allows you to walk through a directory and list all files that are not excluded by the ignore rules specified in .ignore files such as .gitignore. The function returns a promise that resolves with the list of files.
const IgnoreWalk = require('ignore-walk');

IgnoreWalk({
  path: './path/to/directory',
  ignoreFiles: ['.gitignore']
}).then(files => {
  console.log('Files:', files);
}).catch(err => {
  console.error('Error:', err);
});
The 'glob' package matches files using the patterns the shell uses, such as * wildcards. It can be configured to ignore files based on patterns, which is similar to ignore-walk, but glob focuses on pattern matching rather than on strictly interpreting .ignore files.
Findit is another Node.js module that walks the file system recursively. It can be used to find files and directories, but unlike ignore-walk, it does not natively support ignoring files based on .ignore files, requiring manual handling of such functionality.
Nested/recursive .gitignore/.npmignore parsing and filtering.
Walk a directory creating a list of entries, parsing any .ignore
files met along the way to exclude files.
const walk = require('ignore-walk')

// All options are optional, defaults provided.
// this function returns a promise, but you can also pass a cb
// if you like that approach better.
walk({
  path: '...', // root dir to start in. defaults to process.cwd()
  ignoreFiles: ['.gitignore'], // list of filenames. defaults to ['.ignore']
  includeEmpty: false, // true to include empty dirs, default false
  follow: false // true to follow symlink dirs, default false
}, callback)

// to walk synchronously, do it this way:
const result = walk.sync({ path: '/wow/such/filepath' })
If you want to get at the underlying classes, they're at walk.Walker and walk.WalkerSync.
path
The path to start in. Defaults to process.cwd()
ignoreFiles
Filenames to treat as ignore files. The default is ['.ignore']. (This is where you'd put .gitignore or .npmignore or whatever.) If multiple ignore files are in a directory, then rules from each are applied in the order that the files are listed.
includeEmpty
Set to true to include empty directories, assuming they are not excluded by any of the ignore rules. If not set, then this follows the standard git behavior of not including directories that are empty.
Note: this will cause an empty directory to be included if it would contain an included entry, even if it would have otherwise been excluded itself.
For example, given the rules * (ignore everything) and !/a/b/c (re-include the entry at /a/b/c), the directory /a/b will be included if it is empty.
follow
Set to true to treat symbolically linked directories as directories, recursing into them. There is no handling for nested symlinks, so ELOOP errors can occur in some cases when using this option. Defaults to false.
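A pre-flight check for the follow option, as an added example that is not part of ignore-walk or its README: it reports symlinked directories that resolve outside the root or back to an ancestor of the link, the cases where recursing through symlinks leaves the tree or loops. The helper names auditSymlinkDirs and buildSampleTree are hypothetical, only Node.js built-ins are used, and the directory tree is constructed for the demonstration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper (not an ignore-walk API): list symlinks under `root`
// that a walker following symlinked directories should not recurse into.
function auditSymlinkDirs(root) {
  const realRoot = fs.realpathSync(root);
  const findings = [];
  const visit = (dir) => {
    for (const ent of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, ent.name);
      if (ent.isDirectory()) { visit(full); continue; }
      if (!ent.isSymbolicLink()) continue;
      const link = path.relative(realRoot, full);
      let target;
      try {
        target = fs.realpathSync(full);
      } catch (err) {
        findings.push({ link, issue: err.code }); // unresolvable, e.g. ENOENT or ELOOP
        continue;
      }
      if (!fs.statSync(target).isDirectory()) continue; // symlink to a file
      const rel = path.relative(realRoot, target);
      if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
        findings.push({ link, issue: 'escape' }); // target lies outside the root
      } else if ((dir + path.sep).startsWith(target + path.sep)) {
        findings.push({ link, issue: 'cycle' }); // target is an ancestor of the link
      }
    }
  };
  visit(realRoot);
  return findings.sort((x, y) => x.link.localeCompare(y.link));
}

// Constructed sample tree: one safe link, one cycle, one escape.
function buildSampleTree() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'walk-audit-'));
  const root = path.join(base, 'project');
  fs.mkdirSync(path.join(root, 'a', 'b'), { recursive: true });
  fs.mkdirSync(path.join(base, 'outside'));
  fs.symlinkSync(path.join(root, 'a', 'b'), path.join(root, 'ok'), 'dir');
  fs.symlinkSync(path.join(root, 'a'), path.join(root, 'a', 'b', 'up'), 'dir');
  fs.symlinkSync(path.join(base, 'outside'), path.join(root, 'ext'), 'dir');
  return root;
}

console.log(auditSymlinkDirs(buildSampleTree()));
```

An empty result means every symlinked directory under the root resolves to a non-ancestor location inside it.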
7.0.0 (2024-09-03)
ignore-walk now supports node ^18.17.0 || >=20.5.0
FAQs
Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.
The npm package ignore-walk receives a total of 9,485,429 weekly downloads. As such, ignore-walk is classified as popular.
We found that ignore-walk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.