
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
The pkg-up npm package is used to find the closest package.json file in the directory tree, starting from a given directory. It is useful for Node.js projects where you need to locate the package.json file of the current project or a related package.
Find the closest package.json
This feature allows you to asynchronously find the nearest package.json file from the current directory.
const pkgUp = require('pkg-up');
(async () => {
const filePath = await pkgUp();
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
})();
Find the closest package.json synchronously
This feature provides a synchronous method to find the nearest package.json file.
const pkgUp = require('pkg-up');
const filePath = pkgUp.sync();
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
Find package.json from a specific directory
This feature allows you to find the nearest package.json file starting from a specific directory.
const pkgUp = require('pkg-up');
(async () => {
const filePath = await pkgUp({cwd: 'some/subdirectory'});
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
})();
find-up is similar to pkg-up but is more generic. It allows you to find files or directories by name, moving upwards from a given directory. It's not limited to package.json files, making it more versatile for different use cases.
read-pkg-up is built on top of pkg-up and not only finds the closest package.json file but also reads and parses it. This package combines the functionality of pkg-up and read-pkg, providing a more comprehensive solution for accessing package information.
look-up is another package that can be used to find files in parent directories, similar to pkg-up. However, it is less focused on package.json files and more on file patterns, which can be useful for different kinds of file searches.
Find the closest package.json file
npm install pkg-up
/
└── Users
└── sindresorhus
└── foo
├── package.json
└── bar
├── baz
└── example.js
// example.js
import {pkgUp} from 'pkg-up';
console.log(await pkgUp());
//=> '/Users/sindresorhus/foo/package.json'
Returns a Promise<string>
for the file path, or Promise<undefined>
if it could not be found.
Returns the file path, or undefined
if it could not be found.
Type: object
Type: string
Default: process.cwd()
The directory to start from.
FAQs
Find the closest package.json file
The npm package pkg-up receives a total of 9,760,149 weekly downloads. As such, pkg-up popularity was classified as popular.
We found that pkg-up demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.