Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The 'klaw' npm package is a file system walker that allows you to recursively traverse directories and perform actions on files and directories. It is useful for tasks such as file searching, filtering, and processing.
Recursively Traverse Directories
This feature allows you to recursively traverse directories starting from a specified path. The code sample demonstrates how to use 'klaw' to log the path of each file and directory it encounters.
const klaw = require('klaw');
const path = require('path');
klaw('/some/dir')
.on('data', item => console.log(item.path))
.on('end', () => console.log('All done!'));
Filter Files and Directories
This feature allows you to filter files and directories based on a custom function. The code sample demonstrates how to use 'klaw' to only log the paths of JavaScript files.
const klaw = require('klaw');
const path = require('path');
const filterFunc = item => path.extname(item) === '.js';
klaw('/some/dir', { filter: filterFunc })
.on('data', item => console.log(item.path))
.on('end', () => console.log('All done!'));
Handle Errors
This feature allows you to handle errors that occur during the directory traversal. The code sample demonstrates how to use 'klaw' to log errors to the console.
const klaw = require('klaw');
const path = require('path');
klaw('/some/dir')
.on('data', item => console.log(item.path))
.on('error', err => console.error('Error:', err))
.on('end', () => console.log('All done!'));
The 'readdirp' package is another file system walker that allows you to recursively read directories and filter files. It provides a similar functionality to 'klaw' but with a different API. 'readdirp' is known for its simplicity and ease of use.
The 'walk' package is a file system walker that allows you to traverse directories and perform actions on files and directories. It provides a similar functionality to 'klaw' but with a more event-driven API. 'walk' is known for its flexibility and customization options.
The 'node-dir' package provides functions to read directories and files recursively. It offers similar functionalities to 'klaw' but with a more straightforward API. 'node-dir' is known for its simplicity and ease of integration.
A Node.js file system walker extracted from fs-extra.
npm i --save klaw
If you're using Typescript, we've got types:
npm i --save-dev @types/klaw
klaw
is walk
backwards :p
If you need the same functionality but synchronous, you can use klaw-sync.
Returns a Readable stream that iterates
through every file and directory starting with dir
as the root. Every read()
or data
event
returns an object with two properties: path
and stats
. path
is the full path of the file and
stats
is an instance of fs.Stats.
directory
: The directory to recursively walk. Type string
.options
: Readable stream options and
the following:
queueMethod
(string
, default: 'shift'
): Either 'shift'
or 'pop'
. On readdir()
array, call either shift()
or pop()
.pathSorter
(function
, default: undefined
): Sorting function for Arrays.fs
(object
, default: graceful-fs
): Use this to hook into the fs
methods or to use mock-fs
filter
(function
, default: undefined
): Filtering function for ArraysdepthLimit
(number
, default: undefined
): The number of times to recurse before stopping. -1 for unlimited.Streams 1 (push) example:
const klaw = require('klaw')
const items = [] // files, directories, symlinks, etc
klaw('/some/dir')
.on('data', item => items.push(item.path))
.on('end', () => console.dir(items)) // => [ ... array of files]
Streams 2 & 3 (pull) example:
const klaw = require('klaw')
const items = [] // files, directories, symlinks, etc
klaw('/some/dir')
.on('readable', function () {
let item
while ((item = this.read())) {
items.push(item.path)
}
})
.on('end', () => console.dir(items)) // => [ ... array of files]
Listen for the error
event.
Example:
const klaw = require('klaw')
klaw('/some/dir')
.on('readable', function () {
let item
while ((item = this.read())) {
// do something with the file
}
})
.on('error', (err, item) => {
console.log(err.message)
console.log(item.path) // the file the error occurred on
})
.on('end', () => console.dir(items)) // => [ ... array of files]
On many occasions you may want to filter files based upon size, extension, etc. Or you may want to aggregate stats on certain file types. Or maybe you want to perform an action on certain file types.
You should use the module through2
to easily
accomplish this.
Install through2
:
npm i --save through2
Example (skipping directories):
const klaw = require('klaw')
const through2 = require('through2')
const excludeDirFilter = through2.obj(function (item, enc, next) {
if (!item.stats.isDirectory()) this.push(item)
next()
})
const items = [] // files, directories, symlinks, etc
klaw('/some/dir')
.pipe(excludeDirFilter)
.on('data', item => items.push(item.path))
.on('end', () => console.dir(items)) // => [ ... array of files without directories]
Example (ignore hidden directories):
const klaw = require('klaw')
const path = require('path')
const filterFunc = item => {
const basename = path.basename(item)
return basename === '.' || basename[0] !== '.'
}
klaw('/some/dir', { filter: filterFunc })
.on('data', item => {
// only items of none hidden folders will reach here
})
Example (totaling size of PNG files):
const klaw = require('klaw')
const path = require('path')
const through2 = require('through2')
let totalPngsInBytes = 0
const aggregatePngSize = through2.obj(function (item, enc, next) {
if (path.extname(item.path) === '.png') {
totalPngsInBytes += item.stats.size
}
this.push(item)
next()
})
klaw('/some/dir')
.pipe(aggregatePngSize)
.on('data', item => items.push(item.path))
.on('end', () => console.dir(totalPngsInBytes)) // => total of all pngs (bytes)
Example (deleting all .tmp files):
const fs = require('fs')
const klaw = require('klaw')
const through2 = require('through2')
const deleteAction = through2.obj(function (item, enc, next) {
this.push(item)
if (path.extname(item.path) === '.tmp') {
item.deleted = true
fs.unlink(item.path, next)
} else {
item.deleted = false
next()
}
})
const deletedFiles = []
klaw('/some/dir')
.pipe(deleteAction)
.on('data', item => {
if (!item.deleted) return
deletedFiles.push(item.path)
})
.on('end', () => console.dir(deletedFiles)) // => all deleted files
You can even chain a bunch of these filters and aggregators together. By using multiple pipes.
Example (using multiple filters / aggregators):
klaw('/some/dir')
.pipe(filterCertainFiles)
.pipe(deleteSomeOtherFiles)
.on('end', () => console.log('all done!'))
Example passing (piping) through errors:
Node.js does not pipe()
errors. This means that the error on one stream, like
klaw
will not pipe through to the next. If you want to do this, do the following:
const klaw = require('klaw')
const through2 = require('through2')
const excludeDirFilter = through2.obj(function (item, enc, next) {
if (!item.stats.isDirectory()) this.push(item)
next()
})
const items = [] // files, directories, symlinks, etc
klaw('/some/dir')
.on('error', err => excludeDirFilter.emit('error', err)) // forward the error on
.pipe(excludeDirFilter)
.on('data', item => items.push(item.path))
.on('end', () => console.dir(items)) // => [ ... array of files without directories]
Pass in options for queueMethod
, pathSorter
, and depthLimit
to affect how the file system
is recursively iterated. See the code for more details, it's less than 50 lines :)
MIT
Copyright (c) 2015 JP Richardson
FAQs
File system walker with Readable stream interface.
The npm package klaw receives a total of 4,060,696 weekly downloads. As such, klaw popularity was classified as popular.
We found that klaw demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.