New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

node-xattr

Package Overview
Dependencies
Maintainers
1
Versions
13
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-xattr

[![npm version](https://badge.fury.io/js/node-xattr.svg)](https://badge.fury.io/js/node-xattr)

latest
npmnpm
Version
1.3.5
Version published
Maintainers
1
Created
Source

npm version

node-xattr

A library to manipulate xattr on macOS with Typescript support. APIs provided by this library are similar to node's fs module.

What's xattr

Extended attributes are arbitrary metadata stored with a file, but separate from the filesystem attributes (such as modification time or file size). The metadata is often a null-terminated UTF-8 string, but can also be arbitrary binary data.

Xattr is a mechanism provided by the system. With xattr, you can store your own data as attributes to file. Also, you can pass data to Finder or other apps.

For example, you can set custom icon for a file:

You can add a com.apple.quarantine xattr to make the system check the origin of the file you download:

Or you can remove this xattr on an existing file, and this window will not display.

Requirements

Runtime

  • Node.js v10+ (Electron with Node.js 10+ works)

Development

  • macOS 10.14+ with XCode

Installation

$ yarn add node-xattr

When to use the sync version

Technically, the sync version would be a little faster. Because the async version waits for a queue to schedule. Also, The sync verion is realtime, it would be an advantage in some scenarios. The disadvantage of the sync version is that it will probably block the process. So DO NOT use sync version in some UI process(such as the renderer process of Electron). The best scenario to use sync version is in background worker/process/thread.

Set xattr

setXattrSync(path: string, name: string, value: string | Buffer): void;

setXattr(path: string, name: string, value: string | Buffer): Promise<void>;

Sync

const { setXattrSync } = require('node-xattr');
setXattrSync('./test.txt', 'key', 'value');

Async

const { setXattr } = require('node-xattr');

setXattr('./test.txt', 'key', 'value').catch(err => console.error(err));

Get xattr

getXattrSync(path: string, name: string): Buffer;

getXattrSync(path: string, name: string, encoding: string): string;

getXattr(path: string, name: string): Promise<Buffer>;

getXattr(path: string, name: string, encoding: string): Promise<string>;

Sync

const { getXattrSync } = require('node-xattr');
const buffer = getXattrSync('./test.txt', 'key');
const string = getXattrSync('./test.txt', 'key', 'utf8');

Async

const { getXattr } = require('node-xattr');

getXattr('./test.txt', 'key', function (err, buffer) {
  if (err) {
    console.error(err);
    return;
  }
  console.log(buffer);
});

getXattr('./test.txt', 'key').then(buffer => console.log(buffer)).catch(err => console.error(err));

getXattr('./test.txt', 'key', 'utf8').then(str => console.log(str)).catch(err => console.error(err));

List xattr

listXattrSync(path: string): string[];

listXattr(path: string): Promise<string[]>;

Sync

const { listXattrSync } = require('node-xattr');

const list = listXattrSync('./test.txt');

Async

const { listXattr } = require('node-xattr');

listXattr('./test.txt').then(list => console.log(list)).catch(err => console.error(err));

Remove xattr

removeXattrSync(path: string, name: string): void;

removeXattr(path: string, name: string): Promise<void>;

Sync

const { removeXattrSync } = require('node-xattr');
removeXattrSync('./test.txt', 'key');

Async

const { removeXattr } = require('node-xattr');
removeXattr('./test.txt', 'key').catch(err => console.error(err));

Set Custom Icon

setCustomIcon are in macUtils namespace:

setCustomIcon(filePath: string, iconPath: string): Promise<void>;
setCustomIconSync(filePath: string, iconPath: string): void;

Sync

const { macUtils } = require('node-xattr');

macUtils.setCustomIconSync(TestFile, iconPath);

Async

const { macUtils } = require('node-xattr');
macUtils.setCustomIcon(TestFile, iconPath).catch(err => console.log(err));

Parse FileMeta

This library provide utils to parse some content written by system:

serializeArrayOfString(content: string[]): Buffer;
deserializeArrayOfString(buffer: Buffer): string[];

You can use above functions in macUtils to parse com.apple.metadata:kMDItemWhereFroms.

Keywords

macos
typescript
xattr
fs
nodejs

FAQs

Package last updated on 22 Feb 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026