Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Locter is a library to locate and load a file/modules regarding specific criteria.
Table of Contents
npm install locter --save
The following examples are based on some shared assumptions:
files
exists in the root directory.files
contains the following files:
Multiple
Locating multiple files will return information about all files matching the pattern.
import { locateMany } from 'locter';
(async () => {
let files = await locateMany(
'files/example.{js,.ts}'
);
console.log(files);
/*
[
{ path: 'files', name: 'example', extension: '.js'},
{ path: 'files', name: 'example', extension: '.ts'}
]
*/
files = await locateMany(
'files/*.{js,ts}'
);
console.log(files);
/*
[
{ path: 'files', name: 'example', extension: '.js'},
{ path: 'files', name: 'example', extension: '.ts'},
{ path: 'files', name: 'example-long', extension: '.ts'},
]
*/
})
A synchronous variant is also available: locateManySync
Single
Locating a single file will return information about the first file matching the pattern.
import { locate } from 'locter';
(async () => {
let file = await locate(
'files/example.{js,.ts}'
);
console.log(file);
/*
{ path: 'files', name: 'example', extension: '.js'}
*/
})
A synchronous variant is also available: locateSync
The load
method can be used to load a file/module in an asynchronous fashion.
Either a string or the output of the locate/locateSync method can be passed as argument.
import { load, locate } from 'locter';
(async () => {
const file = await locate(
'files/example.{js,.ts}'
);
let content = await load(file);
console.log(content);
// ...
content = await load('...');
console.log(content);
// ...
})
There is also a synchronous method called loadSync
to load files.
import { loadSync, locateSync } from 'locter';
(async () => {
const file = await locateSync(
'files/example.{js,.ts}'
);
let content = await loadSync(file);
console.log(content);
// ...
content = await loadSync('...');
console.log(content);
// ...
})
Two loaders are predefined from scratch and already registered:
.conf
files..json
files..yml
files..js
, .mjs
, .mts
, .cjs
, .cts
, .ts
file extensions independent of the environment (cjs or esm).To register loader for other file types, the function registerLoader
can be used.
import { registerLoader } from 'locter';
registerLoader(['.ext'], {
execute(input: string) {
},
executeSync(input: string) {
}
})
Made with 💚
Published under MIT License.
FAQs
A library to locate a file/module by criteria and load it!
We found that locter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.