Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
The pkg-up npm package is used to find the closest package.json file in the directory tree, starting from a given directory. It is useful for Node.js projects where you need to locate the package.json file of the current project or a related package.
Find the closest package.json
This feature allows you to asynchronously find the nearest package.json file from the current directory.
const pkgUp = require('pkg-up');
(async () => {
const filePath = await pkgUp();
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
})();
Find the closest package.json synchronously
This feature provides a synchronous method to find the nearest package.json file.
const pkgUp = require('pkg-up');
const filePath = pkgUp.sync();
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
Find package.json from a specific directory
This feature allows you to find the nearest package.json file starting from a specific directory.
const pkgUp = require('pkg-up');
(async () => {
const filePath = await pkgUp({cwd: 'some/subdirectory'});
console.log(filePath);
//=> '/Users/sindresorhus/foo/package.json'
})();
find-up is similar to pkg-up but is more generic. It allows you to find files or directories by name, moving upwards from a given directory. It's not limited to package.json files, making it more versatile for different use cases.
read-pkg-up is built on top of pkg-up and not only finds the closest package.json file but also reads and parses it. This package combines the functionality of pkg-up and read-pkg, providing a more comprehensive solution for accessing package information.
look-up is another package that can be used to find files in parent directories, similar to pkg-up. However, it is less focused on package.json files and more on file patterns, which can be useful for different kinds of file searches.
Find the closest package.json file
npm install pkg-up
/
└── Users
└── sindresorhus
└── foo
├── package.json
└── bar
├── baz
└── example.js
// example.js
import {pkgUp} from 'pkg-up';
console.log(await pkgUp());
//=> '/Users/sindresorhus/foo/package.json'
Returns a Promise<string>
for the file path, or Promise<undefined>
if it could not be found.
Returns the file path, or undefined
if it could not be found.
Type: object
Type: string
Default: process.cwd()
The directory to start from.
FAQs
Find the closest package.json file
The npm package pkg-up receives a total of 7,579,904 weekly downloads. As such, pkg-up popularity was classified as popular.
We found that pkg-up demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.