Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The 'junk' npm package is a small utility that helps in filtering out system files and other non-essential files from an array of filenames. It is particularly useful when dealing with file listings that may include unwanted files like '.DS_Store' on macOS or 'Thumbs.db' on Windows.
Filter out junk files from a list
This feature allows you to remove common system-generated files from an array of filenames, ensuring that only relevant files are processed or displayed.
const junk = require('junk');
const files = ['file1.txt', '.DS_Store', 'file2.txt', 'Thumbs.db'];
const cleanFiles = files.filter(junk.not);
console.log(cleanFiles); // Output: ['file1.txt', 'file2.txt']
Identify if a file is considered junk
This function checks if a single filename is considered 'junk' by comparing it against a predefined list of junk file names.
const junk = require('junk');
console.log(junk.is('.DS_Store')); // Output: true
console.log(junk.is('file1.txt')); // Output: false
Similar to 'junk', the 'ignore' package is used to manage and filter files based on rules specified in a .gitignore file. While 'junk' specifically filters out system and hidden files, 'ignore' provides a more flexible approach allowing users to define custom patterns for what should be ignored.
The 'glob' package provides functionality to match file paths against specified patterns. Although it's not specifically for filtering out junk files, it can be configured to exclude certain patterns similar to junk files, offering a broader file filtering capability compared to 'junk'.
Filter out system junk files like
.DS_Store
andThumbs.db
$ npm install junk
import fs from 'node:fs/promises';
import {isNotJunk} from 'junk';
const files = await fs.readdir('some/path');
console.log(files);
//=> ['.DS_Store', 'test.jpg']
console.log(files.filter(isNotJunk));
//=> ['test.jpg']
Returns true
if filename
matches a junk file.
Returns true
if filename
does not match a junk file.
Regex used for matching junk files.
FAQs
Filter out system junk files like .DS_Store and Thumbs.db
We found that junk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.