minimatch
The minimatch npm package is a minimal matching utility that implements string pattern matching, commonly known as 'globbing'. It matches text strings against patterns containing wildcard characters, such as '*' for multiple characters or '?' for a single character. It is often used in file path matching and filtering operations.
Basic string matching
This feature allows for basic pattern matching where a string is tested against a pattern. Wildcards like '*' and '?' can be used to match multiple or single characters respectively.
"use strict";
const minimatch = require("minimatch");
// Match a literal string
console.log(minimatch("foo.js", "foo.js")); // true
// Match with a single wildcard
console.log(minimatch("foo.js", "*.js")); // true
// Match with a single character wildcard
console.log(minimatch("foo.js", "f?o.js")); // true
Negation
This feature allows patterns to be negated so that they match strings that do not match the given pattern.
"use strict";
const minimatch = require("minimatch");
// Negate the match
console.log(minimatch("foo.js", "!foo.js")); // false
console.log(minimatch("bar.js", "!foo.js")); // true
Match options
Minimatch allows for additional options to be set, such as case-insensitivity, to customize the matching behavior.
"use strict";
const minimatch = require("minimatch");
// Match with options
const options = {nocase: true};
console.log(minimatch("FOO.JS", "*.js", options)); // true
Micromatch is a faster and more efficient globbing library with a broader feature set compared to minimatch. It offers advanced pattern matching with support for multiple patterns and extended globbing features.
Glob is a package that provides pattern matching and file system operations. It is more focused on file system globbing rather than string pattern matching, but it uses minimatch under the hood for its matching capabilities.
Multimatch extends minimatch to allow for multiple patterns to be specified at once. It is useful when you need to match against an array of patterns rather than a single pattern.
Anymatch is a package that allows for matching strings against not just patterns, but also against regular expressions and functions. It provides a more flexible matching mechanism compared to minimatch.
A minimal matching utility.
This is the matching library used internally by npm.
Eventually, it will replace the C binding in node-glob.
It works by converting glob expressions into JavaScript RegExp objects.
var minimatch = require("minimatch")
minimatch("bar.foo", "*.foo") // true!
minimatch("bar.foo", "*.bar") // false!
Supports these glob features:
** matching
See:
man sh
man bash
man 3 fnmatch
man 5 gitignore
While strict compliance with the existing standards is a worthwhile goal, some discrepancies exist between minimatch and other implementations, and are intentional.
If the pattern starts with a ! character, then it is negated. Set the nonegate flag to suppress this behavior, and treat leading ! characters normally. This is perhaps relevant if you wish to start the pattern with a negative extglob pattern like !(a|B). Multiple ! characters at the start of a pattern will negate the pattern multiple times.
If a pattern starts with #, then it is treated as a comment, and will not match anything. Use \# to match a literal # at the start of a line, or set the nocomment flag to suppress this behavior.
The double-star character ** is supported by default, unless the noglobstar flag is set. This is supported in the manner of bsdglob and bash 4.1, where ** only has special significance if it is the only thing in a path part. That is, a/**/b will match a/x/y/b, but a/**b will not. Note that this is different from the way that ** is handled by ruby's Dir class.
If an escaped pattern has no matches, and the nonull flag is set, then minimatch.match returns the pattern as-provided, rather than interpreting the character escapes. For example, minimatch.match([], "\\*a\\?") will return "\\*a\\?" rather than "*a?". This is akin to setting the nullglob option in bash, except that it does not resolve escaped pattern characters.
If brace expansion is not disabled, then it is performed before any other interpretation of the glob pattern. Thus, a pattern like +(a|{b),c)}, which would not be valid in bash or zsh, is expanded first into the set of +(a|b) and +(a|c), and those patterns are checked for validity. Since those two are valid, matching proceeds.
Create a minimatch object by instantiating the minimatch.Minimatch class.
var Minimatch = require("minimatch").Minimatch
var mm = new Minimatch(pattern, options)
pattern
The original pattern the minimatch object represents.
options
The options supplied to the constructor.
set
A 2-dimensional array of regexp or string expressions. Each row in the array corresponds to a brace-expanded pattern. Each item in the row corresponds to a single path-part. For example, the pattern {a,b/c}/d would expand to a set of patterns like:
[ [ a, d ]
, [ b, c, d ] ]
If a portion of the pattern doesn't have any "magic" in it (that is, it's something like "foo" rather than fo*o?), then it will be left as a string rather than converted to a regular expression.
regexp
Created by the makeRe method. A single regular expression expressing the entire pattern. This is useful in cases where you wish to use the pattern somewhat like fnmatch(3) with FNM_PATH enabled.
negate
True if the pattern is negated.
comment
True if the pattern is a comment.
empty
True if the pattern is "".
makeRe
Generate the regexp member if necessary, and return it. Will return false if the pattern is invalid.
match(fname)
Return true if the filename matches the pattern, or false otherwise.
matchOne(fileArray, patternArray, partial)
Take a /-split filename, and match it against a single row in the regExpSet. This method is mainly for internal use, but is exposed so that it can be used by a glob-walker that needs to avoid excessive filesystem calls.
All other methods are internal, and will be called as necessary.
The top-level exported function has a cache property, which is an LRU cache set to store 100 items. So, calling these methods repeatedly with the same pattern and options will use the same Minimatch object, saving the cost of parsing it multiple times.
Main export. Tests a path against the pattern using the options.
var isJS = minimatch(file, "*.js", { matchBase: true })
Returns a function that tests its supplied argument, suitable for use with Array.filter. Example:
var javascripts = fileList.filter(minimatch.filter("*.js", {matchBase: true}))
Match against the list of files, in the style of fnmatch or glob. If nothing is matched, and options.nonull is set, then return a list containing the pattern itself.
var javascripts = minimatch.match(fileList, "*.js", {matchBase: true})
Make a regular expression object from the pattern.
All options are false by default.
Dump a ton of stuff to stderr.
Do not expand {a,b} and {1..3} brace sets.
Disable ** matching against multiple folder names.
Allow patterns to match filenames starting with a period, even if the pattern does not explicitly have a period in that spot.
Note that by default, a/**/b will not match a/.d/b, unless dot is set.
Disable "extglob" style patterns like +(a|b).
Perform a case-insensitive match.
When a match is not found by minimatch.match, return a list containing the pattern itself if the nonull option is set. When it is not set, an empty list is returned if there are no matches.
If set, then patterns without slashes will be matched against the basename of the path if it contains slashes. For example, a?b would match the path /xyz/123/acb, but not /xyz/acb/123.
Suppress the behavior of treating # at the start of a pattern as a comment.
Suppress the behavior of treating a leading ! character as negation.
Returns from negate expressions the same as if they were not negated. (I.e., true on a hit, false on a miss.)
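The negation, comment, double-star and dot rules described above, together with the conversion of a glob into a RegExp, can be modelled in a few lines. This is an added example, not minimatch's own code or part of its README; modelMatch, globToRegExp and partToRe are hypothetical names, and only *, ? and ** are handled (no braces, extglob or character classes).

```javascript
"use strict";
// Simplified model of the documented rules; NOT minimatch's implementation.
// Handles only *, ? and ** (no braces, extglob or character classes).

// Escape a literal character for use in a RegExp source.
const escapeRe = (ch) => ch.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Translate one path part (text between slashes) to a regex fragment.
function partToRe(part, dot) {
  // Without `dot`, a leading period must appear explicitly in the pattern.
  let out = dot || part.startsWith(".") ? "" : "(?!\\.)";
  for (const ch of part) {
    out += ch === "*" ? "[^/]*" : ch === "?" ? "[^/]" : escapeRe(ch);
  }
  return out;
}

function globToRegExp(pattern, opts = {}) {
  const seg = opts.dot ? "[^/]+" : "(?!\\.)[^/]+"; // one directory name
  const parts = pattern.split("/");
  let src = "";
  parts.forEach((part, i) => {
    const last = i === parts.length - 1;
    if (part === "**" && !opts.noglobstar) {
      // ** is special only when it is the whole path part.
      src += last ? `(?:${seg}(?:/${seg})*)?` : `(?:${seg}/)*`;
    } else {
      src += partToRe(part, opts.dot) + (last ? "" : "/");
    }
  });
  return new RegExp(`^${src}$`, opts.nocase ? "i" : "");
}

function modelMatch(path, pattern, opts = {}) {
  // A leading # makes the pattern a comment that matches nothing.
  if (!opts.nocomment && pattern.startsWith("#")) return false;
  let negate = false;
  if (!opts.nonegate) {
    // Each leading ! flips the result once.
    while (pattern.startsWith("!")) {
      negate = !negate;
      pattern = pattern.slice(1);
    }
  }
  const hit = globToRegExp(pattern, opts).test(path);
  return negate ? !hit : hit;
}

console.log(modelMatch("a/x/y/b", "a/**/b"), modelMatch("a/x/y/b", "a/**b")); // true false
```

When patterns come from configuration and act as include or exclude filters, these are the cases worth covering in tests: a pattern that begins with # matches nothing, a leading ! inverts the result, and dot-prefixed names are skipped unless dot is set.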
FAQs
a glob matcher in javascript
The npm package minimatch receives a total of 188,827,121 weekly downloads. As such, minimatch popularity was classified as popular.
We found that minimatch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.