Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
NodeJS Secure File Removal Utility
Use Node JS to securely delete files on your server with Unix's shred command. You really don't need this module if the machine your running your project on is not using a tranditional mechanical hard drive. In other words, if the file you want to securely delete is on solid state storage, there's no need to use this module and, in fact, it could actually be unnecessarily shortening the life of that disk to use it.
NOTE: This module is not designed to work on Windows but may work on WSL. Your mileage may vary.
How to Install
With NPM:
npm install shredfile
With Yarn:
yarn add shredfile
License info
Licensed under the MIT License:
Getting Started
All of the values listed in the example below represent the default values for their respective configuration item.
You can simply do this:
const ShredFile = require('shredfile');
const shredder = new ShredFile();
And, you'll be good to go.
BUT: If you want more control, you can specify all sorts of options.
const ShredFile = require('shredfile');
const shredder = new ShredFile({
shredPath: '/usr/bin/shred', // Path to shred binary on your server
force: false, // If true, changes permissions of the file(s) to allow writing if necessary
iterations: 3, // How many times to overwrite the file
bytes: null, // If specified, it will shred to specified bytes and then stop
remove: true, // If true, removes (unlinks) file(s) after shredding
zero: true, // If true, adds final overwrite with zeros to hide shredding
debugMode: false // Whether or not to log info/debug/error msgs to the console
});
Here is a non-default values example (to help you get an idea of what some proper-looking alternate values could be):
const ShredFile = require('shredfile');
const shredder = new ShredFile({
shredPath: '/usr/local/bin/shred', // Maybe yours is located here
force: true, // You do want to change permissions to force writing
iterations: 25, // You wear a tinfoil hat at all times, so, naturally, write over the file 25 times.
bytes: '70M', // You're shredding the first 70 MB of the file only.
remove: false, // You want to shred the file but keep it there for some reason.
zero: false, // You don't care about hiding the fact that you shredded the file.
debugMode: true // You want to know everything that happened.
});
API
.shred(files, statusCb, endCb)
This method allows you to shred a one or many files.
Parameters
filesrequired (string or array) A path (string) or list paths (array) to file(s) you want to be shredded.statusCb(function) Will be called everytime the status of a file is changed (ex. renaming and each overwrite iteration). It takes 4 parameters:action(string) This will be either 'overwriting' or 'renaming'progress(float) The percentage of the specific action that is complete (ex. 0.66)file(string) File name of the file that is currently being acted uponactiveFilePath(string) Full path to the file that is currently being acted upon (does not include file name)
endCb(function) Will be called when the shred is complete. It takes 2 parameters:err(string or null) A standard error message string (null if no error)file(string) The originalfilesparameter passed into thisshredmethod.
Examples
Single File (Callback Style)
shredder.shred('/a/picture/for_example.jpg', (err, file) => {
if (err) return console.error(err);
console.log("File has been shredded!");
});
Single File (Async/Await)
async function doShred() {
try {
const file = await shredder.shred('/a/picture/for_example.jpg');
console.log('Shredded File: ', file);
} catch (err) [
console.error(err);
}
}
doShred();
Multiple Files (with status callback) - Callback Style
const files = ['/a/picture/for_example.jpg','/a/different/file.dat'];
shredder.shred(files, (action, progress, file, path) => {
progress = (Math.round((progress * 10000)) / 100);
console.log(`${action} ${file}: ${progress}%`);
}, (err, file) => {
if (err) return console.error(err);
console.log("Files have been shredded!");
});
Multiple Files (with status callback) - Promise Style
const files = ['/a/picture/for_example.jpg','/a/different/file.dat'];
shredder.shred(files, (action, progress, file, path) => {
progress = (Math.round((progress * 10000)) / 100);
console.log(`${action} ${path}/${file}: ${progress}%`);
}).then((files) => {
console.log('Files have been shredded!', files);
}).catch((err) => {
console.error(err);
});
FAQs
A simple wrapper to the Unix shred command.
The npm package shredfile receives a total of 204 weekly downloads. As such, shredfile popularity was classified as not popular.
We found that shredfile demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 Feb 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024