Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The 'pathe' npm package is a utility library for handling and manipulating file paths in Node.js. It provides a variety of functions to work with file paths in a more convenient and readable way.
Join Paths
The 'join' function concatenates multiple path segments into a single path, normalizing the resulting path.
const { join } = require('pathe');
const fullPath = join('/foo', 'bar', 'baz/asdf', 'quux', '..');
console.log(fullPath); // '/foo/bar/baz/asdf'
Resolve Paths
The 'resolve' function resolves a sequence of paths or path segments into an absolute path.
const { resolve } = require('pathe');
const resolvedPath = resolve('foo/bar', '/tmp/file/', '..', 'a/../subfile');
console.log(resolvedPath); // '/tmp/subfile'
Normalize Paths
The 'normalize' function normalizes the given path, resolving '..' and '.' segments.
const { normalize } = require('pathe');
const normalizedPath = normalize('/foo/bar//baz/asdf/quux/..');
console.log(normalizedPath); // '/foo/bar/baz/asdf'
Get Directory Name
The 'dirname' function returns the directory name of a path.
const { dirname } = require('pathe');
const dirName = dirname('/foo/bar/baz/asdf/quux');
console.log(dirName); // '/foo/bar/baz/asdf'
Get Base Name
The 'basename' function returns the last portion of a path, typically the file name.
const { basename } = require('pathe');
const baseName = basename('/foo/bar/baz/asdf/quux.html');
console.log(baseName); // 'quux.html'
Get Extension Name
The 'extname' function returns the extension of the path, from the last occurrence of the '.' character to end of string in the last portion of the path.
const { extname } = require('pathe');
const extName = extname('index.html');
console.log(extName); // '.html'
The 'path' module is a built-in Node.js module that provides utilities for working with file and directory paths. It offers similar functionalities to 'pathe' such as joining, resolving, normalizing paths, and extracting directory names, base names, and extensions. 'pathe' can be seen as an enhanced version of the 'path' module with additional features and improvements.
The 'upath' package is a utility for working with file paths across different operating systems. It ensures consistent path handling regardless of the platform. 'upath' offers similar functionalities to 'pathe' but focuses more on cross-platform compatibility.
The 'path-to-regexp' package is used to convert paths to regular expressions, which can be useful for routing and matching URL patterns. While it provides some path manipulation capabilities, its primary focus is on pattern matching, making it somewhat different from 'pathe'.
Universal filesystem path utils
❓ Why
For historical reasons, windows followed MS-DOS and using backslash for separating paths rather than slash used for macOS, Linux, and other Posix operating systems. Nowadays, Windows supports both Slash and Backslash for paths. Node.js's built in
path
module in the default operation of the path module varies based on the operating system on which a Node.js application is running. Specifically, when running on a Windows operating system, the path module will assume that Windows-style paths are being used. This makes inconsistent code behavior between Windows and POSIX. Compared to popular upath, pathe is providing identical exports of Node.js with normalization on all operations and written in modern ESM/Typescript and has no dependency on Node.js!
This package is a drop-in replacement of the Node.js's path module module and ensures paths are normalized with slash /
and work in environments including Node.js.
Install using npm or yarn:
# npm
npm i pathe
# yarn
yarn add pathe
# pnpm
pnpm i pathe
Import:
// ESM / Typescript
import { resolve } from 'pathe'
// CommonJS
const { resolve } = require('pathe')
Read more about path utils from Node.js documentation and rest assured behavior is ALWAYS like POSIX regardless of your input paths format and running platform!
Pathe exports some extra utilities that do not exist in standard Node.js path module.
In order to use them, you can import from pathe/utils
subpath:
import { filename, normalizeAliases, resolveAlias } from 'pathe/utils'
MIT. Made with 💖
Some code used from Node.js project. See LICENSE.
v1.1.2
/
when calculating relative paths (#142)process.cwd
before calling it (#147)FAQs
Universal filesystem path utils
The npm package pathe receives a total of 9,703,621 weekly downloads. As such, pathe popularity was classified as popular.
We found that pathe demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.