Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
resolve-dir
Advanced tools
Resolve a directory that is either local, global or in the user's home directory.
The resolve-dir npm package is designed to resolve directory paths based on the given input. It can handle resolving home directory paths, relative paths, and paths based on the nearest package.json or node_modules directory. This makes it particularly useful in Node.js applications for file and directory path manipulations, especially when dealing with configurations or file loading where the exact path might vary depending on the environment or project structure.
Resolving home directory paths
This feature allows you to resolve the path to the user's home directory using the '~' symbol, which is commonly used in Unix-like systems to refer to the home directory.
const resolveDir = require('resolve-dir');
const homeDir = resolveDir('~');
console.log(homeDir);
Resolving relative paths
This feature enables the resolution of relative paths, making it easier to work with file paths that are relative to the current working directory or another specific directory.
const resolveDir = require('resolve-dir');
const relativePath = resolveDir('./relative/path/to/dir');
console.log(relativePath);
Resolving paths based on nearest package.json or node_modules
This functionality is useful for finding the path to a directory based on the location of the nearest package.json or node_modules directory. It's particularly handy in projects where you need to dynamically find the path to dependencies or project-related directories.
const resolveDir = require('resolve-dir');
const projectDir = resolveDir('node_modules/package-name');
console.log(projectDir);
find-up is similar to resolve-dir in that it helps with finding files or directories by searching up the directory tree. It differs in its approach by focusing on finding files or directories based on a given name or condition, rather than resolving paths.
globby is a package that allows for pattern matching on file paths. While it shares the capability of working with file paths like resolve-dir, globby is more focused on matching patterns and filtering file lists, rather than resolving directory paths.
Resolve a directory that is either local, global or in the user's home directory.
Install with npm:
$ npm install --save resolve-dir
var resolve = require('resolve-dir');
Returns a local directory path unchanged
resolve('a')
//=> 'a'
Resolves the path to user home
resolve('~')
//=> '/Users/jonschlinkert'
resolve('~/foo')
//=> '/Users/jonschlinkert/foo'
Resolves the path to global npm modules
resolve('@')
//=> '/usr/local/lib/node_modules'
resolve('@/foo')
//=> '/usr/local/lib/node_modules/foo'
Pull requests and stars are always welcome. For bugs and feature requests, please create an issue.
(This document was generated by verb-generate-readme (a verb generator), please don't edit the readme directly. Any changes to the readme must be made in .verb.md.)
To generate the readme and API documentation with verb:
$ npm install -g verb verb-generate-readme && verb
Install dev dependencies:
$ npm install -d && npm test
Jon Schlinkert
Copyright © 2016, Jon Schlinkert. Released under the MIT license.
This file was generated by verb-generate-readme, v0.2.0, on October 18, 2016.
FAQs
Resolve a directory that is either local, global or in the user's home directory.
The npm package resolve-dir receives a total of 4,932,990 weekly downloads. As such, resolve-dir popularity was classified as popular.
We found that resolve-dir demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.