Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The rimraf npm package is a Node.js module that provides a way to perform a deep deletion of files and directories, similar to the 'rm -rf' Unix command. It is designed to work on both Windows and Unix file systems, handling the intricacies of different environments. It is often used to clean up directories before rebuilding a project or to remove temporary files.
Asynchronous file and directory removal
This feature allows for the asynchronous removal of a directory and its contents. The provided code sample demonstrates how to use rimraf to delete a directory asynchronously. The callback function is used to handle any errors or to perform actions after the removal is complete.
const rimraf = require('rimraf');
rimraf('/path/to/directory', function (err) {
if (err) throw err;
console.log('Directory and its contents have been removed');
});
Synchronous file and directory removal
This feature allows for the synchronous removal of a directory and its contents. The provided code sample demonstrates how to use rimraf to delete a directory synchronously. The operation will block the event loop until the removal is complete.
const rimraf = require('rimraf');
rimraf.sync('/path/to/directory');
console.log('Directory and its contents have been removed synchronously');
Promisified file and directory removal
This feature allows for the removal of a directory and its contents using promises, which can be more convenient when working with modern asynchronous code patterns. The provided code sample demonstrates how to promisify the rimraf function and use it with then/catch for handling the resolution and rejection of the promise.
const rimraf = require('rimraf');
const { promisify } = require('util');
const rimrafPromise = promisify(rimraf);
rimrafPromise('/path/to/directory').then(() => {
console.log('Directory and its contents have been removed');
}).catch((err) => {
console.error('An error occurred:', err);
});
fs-extra is a package that extends the built-in fs module with additional methods, including 'remove' and 'removeSync', which are similar to rimraf's functionality. It offers a broader set of file system operations, making it a more comprehensive choice for projects that require more than just file removal.
del is a package that provides file and directory deletion features with a promise-based API. It is similar to rimraf but offers more options for file selection and deletion, such as pattern matching. It is a good choice for users who prefer working with promises and need more control over what files to delete.
The UNIX command rm -rf
for node.
Install with npm install rimraf
.
import { rimrafSync } from 'rimraf
.Promise
instead of taking a callback.--glob
CLI option or glob
option property
to be set. (Removed in 4.0 and 4.1, opt-in support added in 4.2.)EBUSY
fails to
resolve the situation.Hybrid module, load either with import
or require()
.
// 'rimraf' export is the one you probably want, but other
// strategies exported as well.
import { rimraf, rimrafSync, native, nativeSync } from 'rimraf'
// or
const { rimraf, rimrafSync, native, nativeSync } = require('rimraf')
All removal functions return a boolean indicating that all entries were successfully removed.
The only case in which this will not return true
is if
something was omitted from the removal via a filter
option.
rimraf(f, [opts]) -> Promise
This first parameter is a path or array of paths. The second argument is an options object.
Options:
preserveRoot
: If set to boolean false
, then allow the
recursive removal of the root directory. Otherwise, this is
not allowed.
tmp
: Windows only. Temp folder to use to place files and
folders for the "move then remove" fallback. Must be on the
same physical device as the path being deleted. Defaults to
os.tmpdir()
when that is on the same drive letter as the path
being deleted, or ${drive}:\temp
if present, or ${drive}:\
if not.
maxRetries
: Windows and Native only. Maximum number of
retry attempts in case of EBUSY
, EMFILE
, and ENFILE
errors. Default 10
for Windows implementation, 0
for Native
implementation.
backoff
: Windows only. Rate of exponential backoff for async
removal in case of EBUSY
, EMFILE
, and ENFILE
errors.
Should be a number greater than 1. Default 1.2
maxBackoff
: Windows only. Maximum total backoff time in ms to
attempt asynchronous retries in case of EBUSY
, EMFILE
, and
ENFILE
errors. Default 200
. With the default 1.2
backoff
rate, this results in 14 retries, with the final retry being
delayed 33ms.
retryDelay
: Native only. Time to wait between retries, using
linear backoff. Default 100
.
signal
Pass in an AbortSignal to cancel the directory
removal. This is useful when removing large folder structures,
if you'd like to limit the amount of time spent.
Using a signal
option prevents the use of Node's built-in
fs.rm
because that implementation does not support abort
signals.
glob
Boolean flag to treat path as glob pattern, or an object
specifying glob
options.
filter
Method that returns a boolean indicating whether that
path should be deleted. With async rimraf methods, this may
return a Promise that resolves to a boolean. (Since Promises
are truthy, returning a Promise from a sync filter is the same
as just not filtering anything.)
The first argument to the filter is the path string. The
second argument is either a Dirent
or Stats
object for that
path. (The first path explored will be a Stats
, the rest
will be Dirent
.)
If a filter method is provided, it will only remove entries if the filter returns (or resolves to) a truthy value. Omitting a directory will still allow its children to be removed, unless they are also filtered out, but any parents of a filtered entry will not be removed, since the directory would not be empty in that case.
Using a filter method prevents the use of Node's built-in
fs.rm
because that implementation does not support filtering.
Any other options are provided to the native Node.js fs.rm
implementation
when that is used.
This will attempt to choose the best implementation, based on Node.js
version and process.platform
. To force a specific implementation, use
one of the other functions provided.
rimraf.sync(f, [opts])
rimraf.rimrafSync(f, [opts])
Synchronous form of rimraf()
Note that, unlike many file system operations, the synchronous form will typically be significantly slower than the async form, because recursive deletion is extremely parallelizable.
rimraf.native(f, [opts])
Uses the built-in fs.rm
implementation that Node.js provides. This is
used by default on Node.js versions greater than or equal to 14.14.0
.
rimraf.nativeSync(f, [opts])
rimraf.native.sync(f, [opts])
Synchronous form of rimraf.native
rimraf.manual(f, [opts])
Use the JavaScript implementation appropriate for your operating system.
rimraf.manualSync(f, [opts])
rimraf.manualSync(f, opts)
Synchronous form of rimraf.manual()
rimraf.windows(f, [opts])
JavaScript implementation of file removal appropriate for Windows
platforms. Works around unlink
and rmdir
not being atomic
operations, and EPERM
when deleting files with certain
permission modes.
First deletes all non-directory files within the tree, and then
removes all directories, which should ideally be empty by that
time. When an ENOTEMPTY
is raised in the second pass, falls
back to the rimraf.moveRemove
strategy as needed.
rimraf.windows.sync(path, [opts])
rimraf.windowsSync(path, [opts])
Synchronous form of rimraf.windows()
rimraf.moveRemove(path, [opts])
Moves all files and folders to the parent directory of path
with a temporary filename prior to attempting to remove them.
Note that, in cases where the operation fails, this may leave
files lying around in the parent directory with names like
.file-basename.txt.0.123412341
. Until the Windows kernel
provides a way to perform atomic unlink
and rmdir
operations,
this is unfortunately unavoidable.
To move files to a different temporary directory other than the
parent, provide opts.tmp
. Note that this must be on the same
physical device as the folder being deleted, or else the
operation will fail.
This is the slowest strategy, but most reliable on Windows
platforms. Used as a last-ditch fallback by rimraf.windows()
.
rimraf.moveRemove.sync(path, [opts])
rimraf.moveRemoveSync(path, [opts])
Synchronous form of rimraf.moveRemove()
rimraf version 4.3.0
Usage: rimraf <path> [<path> ...]
Deletes all files and folders at "path", recursively.
Options:
-- Treat all subsequent arguments as paths
-h --help Display this usage info
--preserve-root Do not remove '/' recursively (default)
--no-preserve-root Do not treat '/' specially
-G --no-glob Treat arguments as literal paths, not globs (default)
-g --glob Treat arguments as glob patterns
-v --verbose Be verbose when deleting files, showing them as
they are removed. Not compatible with --impl=native
-V --no-verbose Be silent when deleting files, showing nothing as
they are removed (default)
-i --interactive Ask for confirmation before deleting anything
Not compatible with --impl=native
-I --no-interactive Do not ask for confirmation before deleting
--impl=<type> Specify the implementation to use:
rimraf: choose the best option (default)
native: the built-in implementation in Node.js
manual: the platform-specific JS implementation
posix: the Posix JS implementation
windows: the Windows JS implementation (falls back to
move-remove on ENOTEMPTY)
move-remove: a slow reliable Windows fallback
Implementation-specific options:
--tmp=<path> Temp file folder for 'move-remove' implementation
--max-retries=<n> maxRetries for 'native' and 'windows' implementations
--retry-delay=<n> retryDelay for 'native' implementation, default 100
--backoff=<n> Exponential backoff factor for retries (default: 1.2)
If you need to create a directory recursively, check out mkdirp.
FAQs
A deep deletion module for node (like `rm -rf`)
The npm package rimraf receives a total of 65,939,341 weekly downloads. As such, rimraf popularity was classified as popular.
We found that rimraf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.