Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
nest-sftp
Advanced tools
Readme
This is nest-sftp.
Nest framework module wrapper around ssh2-sftp-client
$ npm install --save nest-sftp
Register the SftpModule in you App Module.
This version uses forRootAsync
import { SftpModule } from 'nest-sftp';
@Module({
imports: [
SftpModule.forRootAsync(
{
useFactory: (configService: ConfigService) => {
return configService.getSftpConnectionInfo();
},
inject: [ConfigService],
imports: [AppModule],
},
false,
),
],
controllers: [],
providers: [ConfigService],
exports: [ConfigService],
})
export class AppModule {}
The Options object implements the ConnectConfig from ssh2.
import { SftpModule } from 'nest-sftp';
@Module({
imports: [
SftpModule.forRoot(
{
host: 'fakehost.com',
port: 22,
username: 'fakeUser',
password: '*****', // passwords should not contain \ (thy should be espaced like \\) and they cannot contain ! or (
},
false,
),
],
controllers: [],
providers: [],
})
export class AppModule {}
With debug logging:
import { SftpModule } from 'nest-sftp';
@Module({
imports: [
SftpModule.forRoot(
{
host: 'fakehost.com',
port: 22,
username: 'fakeUser',
password: '*****', // passwords should not contain \ (thy should be espaced like \\) and they cannot contain ! or (
debug: console.log, // adds logging for researching problems
},
false,
),
],
controllers: [],
providers: [],
})
export class AppModule {}
The SftpModule is global. The forRoot() method will open the connection as well during AppModule registration. Then the SftpClientService can be injected into your class.
import { SftpClientService } from 'nest-sftp';
export class AppService {
private readonly logger: Logger;
constructor(private readonly sftpClient: SftpClientService) {
logger = new Logger();
}
async download(
remotePath: string,
localPath: string,
): Promise<string | NodeJS.ReadableStream | Buffer> {
return await this.sftpClient.download(remotePath, localPath);
}
// change connection to a different user/password prior to upload
async submit(
remotePath: string,
localPath: string,
submitConfig: ConnectConfig,
): Promise<string | NodeJS.ReadableStream | Buffer> {
await this.sftpClient.resetConnection(submitConfig);
return await this.sftpClient.upload(remotePath, localPath);
}
}
Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please read more here.
Nest SFTP is MIT licensed.
FAQs
Nest Framework wrapper around ssh2-sftp-client
The npm package nest-sftp receives a total of 3,051 weekly downloads. As such, nest-sftp popularity was classified as popular.
We found that nest-sftp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.