Research
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.
By Kush Pandya - May 01, 2025
📅 You're Invited: Meet the Socket team at RSAC (April 28 – May 1).RSVP →
sanitize-filename-fixed
Advanced tools
sanitize-filename-fixed
Sanitize a string for use as a filename, fix for number file name
sanitize-filename 
Sanitize a string to be safe for use as a filename by removing directory paths and invalid characters.
sanitize-filename-fixed comes from sanitize-filename
fix bug that number file name can not handling
Install
npm install sanitize-filename-fixed
Example
var sanitize = require("sanitize-filename-fixed");
// Some string that may be unsafe or invalid as a filename
var UNSAFE_USER_INPUT = "~/.\u0000ssh/authorized_keys";
// Sanitize the string to be safe for use as a filename.
var filename = sanitize(UNSAFE_USER_INPUT);
// -> "~.sshauthorized_keys"
Details
sanitize-filename-fixed removes the following:
- Control characters (
0x00–0x1fand0x80–0x9f) - Reserved characters (
/,?,<,>,\,:,*,|, and") - Unix reserved filenames (
.and..) - Trailing periods and spaces (for Windows)
- Windows reserved filenames (
CON,PRN,AUX,NUL,COM1,COM2,COM3,COM4,COM5,COM6,COM7,COM8,COM9,LPT1,LPT2,LPT3,LPT4,LPT5,LPT6,LPT7,LPT8, andLPT9)
The resulting string is truncated to 255 bytes in length. The string will not contain any directory paths and will be safe to use as a filename.
Empty String "" Result
An empty string "" can be returned. For example:
var sanitize = require("sanitize-filename-fixed");
sanitize("..")
// -> ""
Non-unique Filenames
Two different inputs can return the same value. For example:
var sanitize = require("sanitize-filename-fixed");
sanitize("file?")
// -> "file"
sanitize ("*file*")
// -> "file"
File Systems
Sanitized filenames will be safe for use on modern Windows, OS X, and
Unix file systems (NTFS, ext, etc.).
FAT 8.3 filenames are not supported.
Test Your File System
The test program will use various strings (including the Big List of
Naughty Strings) to create files in the working directory. Run
npm test to run tests against your file system.
API
sanitize(inputString, [options])
Sanitize inputString by removing or replacing invalid characters.
Options:
options.replacement: optional, string/function, default:"". If passed as a string, it's used as the replacement for invalid characters. If passed as a function, the function will be called with the invalid characters and it's return value will be used as the replacement. SeeString.prototype.replacefor more info.
FAQs
Sanitize a string for use as a filename, fix for number file name
We found that sanitize-filename-fixed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 Jul 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
By Olivia Brown - Apr 30, 2025
Product
A New Overview in our Dashboard
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
By André Staltz - Apr 29, 2025