Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
list-github-dir-content
Advanced tools
List all the files in a GitHub repo’s directory
$ npm install list-github-dir-content
const listContent = require('list-github-dir-content');
const myToken = '000'; // https://github.com/settings/tokens
// They have the same output
const filesArray = await listContent.viaTreesApi({
user: 'microsoft',
repository: 'vscode',
directory: 'src',
token: myToken
});
// OR
const filesArray = await listContent.viaContentsApi({
user: 'microsoft',
repository: 'vscode',
directory: 'src',
token: myToken
});
// OR
const filesArray = await listContent.viaContentsApi({
user: 'microsoft',
repository: 'vscode',
ref: 'master',
directory: 'src',
token: myToken
});
// ['src/file.js', 'src/styles/main.css', ...]
// listContent.viaTreesApi also adds a `truncated` property
if (filesArray.truncated) {
// Perhaps try with viaContentsApi?
}
Both methods return a Promise that resolves with an array of all the files in the chosen directory. They just vary in GitHub API method used. The paths will be relative to root (i.e. if directory
is dist/images
, the array will be ['dist/images/1.png', 'dist/images/2.png']
)
viaTreesApi
is preferred when there are a lot of nested directories. This will try to make a single HTTPS request for the whole repo, regardless of what directory was picked. On big repos this may be of a few megabytes. (GitHub API v3 reference)
viaContentsApi
is preferred when you're downloading a small part of a huge repo. This will make a request for each subfolder requested, which may mean dozens or hundreds of HTTPS requests. (GitHub API v3 reference)
Notice: while they work differently, they have the same output if no limit was reached.
Known issues:
viaContentsApi
is limited to 1000 files per directoryviaTreesApi
is limited to around 60,000 files per repoThe following properties are available on the options
object:
Type: string
GitHub user or organization, such as microsoft
.
Type: string
The user's repository to read, like vscode
.
Type: string
Default: "HEAD"
The reference to use, for example a pointer ("HEAD"
), a branch name ("master"
) or a commit hash ("71705e0"
).
Type: string
The directory to download, like docs
or dist/images
Type: string
A GitHub personal token, get one here: https://github.com/settings/tokens
Type: boolean
Default: false
When set to true
, an array of metadata objects is returned instead of an array of file paths. Note that the metadata objects of viaTreesApi
and viaContentsApi
are different.
Take a look at the docs for either the Git Trees API and the Contents API to see how the respective metadata is structured.
MIT © Federico Brigante
FAQs
List all the files in a GitHub repo’s directory
The npm package list-github-dir-content receives a total of 1,365 weekly downloads. As such, list-github-dir-content popularity was classified as popular.
We found that list-github-dir-content demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.