Socket
Socket
Sign inDemoInstall

tmp

Package Overview
Dependencies
30
Maintainers
1
Versions
36
Alerts
File Explorer

Advanced tools

npm Scripts
License

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 0.2.1 to 0.2.2

25

lib/tmp.js

@@ -538,3 +538,3 @@ /*!

// for completeness' sake only, also keep (multiple) blanks if the user, purportedly sane, requests us to
options.name = _isUndefined(options.name) ? undefined : _sanitizeName(options.name);
options.name = _isUndefined(options.name) ? undefined : options.name;
options.prefix = _isUndefined(options.prefix) ? '' : options.prefix;

@@ -556,7 +556,6 @@ options.postfix = _isUndefined(options.postfix) ? '' : options.postfix;

function _resolvePath(name, tmpDir) {
const sanitizedName = _sanitizeName(name);
if (sanitizedName.startsWith(tmpDir)) {
return path.resolve(sanitizedName);
if (name.startsWith(tmpDir)) {
return path.resolve(name);
} else {
return path.resolve(path.join(tmpDir, sanitizedName));
return path.resolve(path.join(tmpDir, name));
}

@@ -566,16 +565,2 @@ }

/**
* Sanitize the specified path name by removing all quote characters.
*
* @param name
* @returns {string}
* @private
*/
function _sanitizeName(name) {
if (_isBlank(name)) {
return name;
}
return name.replace(/["']/g, '');
}
/**
* Asserts whether specified name is relative to the specified tmpDir.

@@ -669,3 +654,3 @@ *

function _getTmpDir(options) {
return path.resolve(_sanitizeName(options && options.tmpdir || os.tmpdir()));
return path.resolve(options && options.tmpdir || os.tmpdir());
}

@@ -672,0 +657,0 @@

8

package.json
{
"name": "tmp",
"version": "0.2.1",
"version": "0.2.2",
"description": "Temporary file and directory creator",

@@ -25,6 +25,6 @@ "author": "KARASZI István <github@spam.raszi.hu> (http://raszi.hu/)",

"engines": {
"node": ">=8.17.0"
"node": ">=14"
},
"dependencies": {
"rimraf": "^3.0.0"
"rimraf": "^5.0.5"
},

@@ -36,3 +36,3 @@ "devDependencies": {

"lerna-changelog": "^1.0.1",
"mocha": "^6.2.0"
"mocha": "^10.2.0"
},

@@ -39,0 +39,0 @@ "main": "lib/tmp.js",

63

README.md

@@ -5,4 +5,4 @@ # Tmp

[![Build Status](https://travis-ci.org/raszi/node-tmp.svg?branch=master)](https://travis-ci.org/raszi/node-tmp)
[![Dependencies](https://david-dm.org/raszi/node-tmp.svg)](https://david-dm.org/raszi/node-tmp)
[![Build Status](https://img.shields.io/github/actions/workflow/status/raszi/node-tmp/node.js.yml?branch=master)](https://github.com/raszi/node-tmp/actions/workflows/node.js.yml)
[![Dependencies](https://img.shields.io/librariesio/github/raszi/node-tmp)](https://libraries.io/github/raszi/node-tmp)
[![npm version](https://badge.fury.io/js/tmp.svg)](https://badge.fury.io/js/tmp)

@@ -31,2 +31,24 @@ [![API documented](https://img.shields.io/badge/API-documented-brightgreen.svg)](https://raszi.github.io/node-tmp/)

## An Important Note on Previously Undocumented Breaking Changes
All breaking changes that had been introduced, i.e.
- tmpdir must be located under the system defined tmpdir root.
- Spaces being collapsed into single spaces
- Removal of all single and double quote characters
have been reverted in v0.2.2 and tmp should now behave as it did before the
introduction of these breaking changes.
Other breaking changes, i.e.
- template must be relative to tmpdir
- name must be relative to tmpdir
- dir option must be relative to tmpdir
are still in place.
In order to override the system's tmpdir, you will have to use the newly
introduced tmpdir option.
## An Important Note on Compatibility

@@ -36,2 +58,6 @@

### Version 0.2.2
Since version 0.2.2, all support for node version <= 12 has been dropped.
### Version 0.1.0

@@ -66,2 +92,14 @@

## Graceful cleanup
If graceful cleanup is set, tmp will remove all controlled temporary objects on process exit, otherwise the temporary objects will remain in place, waiting to be cleaned up on system restart or otherwise scheduled temporary object removal.
To enforce this, you can call the `setGracefulCleanup()` method:
```javascript
const tmp = require('tmp');
tmp.setGracefulCleanup();
```
### Asynchronous file creation

@@ -326,16 +364,2 @@

## Graceful cleanup
If graceful cleanup is set, tmp will remove all controlled temporary objects on process exit, otherwise the
temporary objects will remain in place, waiting to be cleaned up on system restart or otherwise scheduled temporary
object removal.
To enforce this, you can call the `setGracefulCleanup()` method:
```javascript
const tmp = require('tmp');
tmp.setGracefulCleanup();
```
## Options

@@ -349,7 +373,4 @@

* `postfix`: the optional postfix
* `template`: [`mkstemp`][3] like filename template, no default, can be either an absolute or a relative path that resolves
to a relative path of the system's default temporary directory, must include `XXXXXX` once for random name generation, e.g.
'foo/bar/XXXXXX'. Absolute paths are also fine as long as they are relative to os.tmpdir().
Any directories along the so specified path must exist, otherwise a ENOENT error will be thrown upon access,
as tmp will not check the availability of the path, nor will it establish the requested path for you.
* `template`: [`mkstemp`][3] like filename template, no default, must include `XXXXXX` once for random name generation, e.g.
'foo-bar-XXXXXX'.
* `dir`: the optional temporary directory that must be relative to the system's default temporary directory.

@@ -356,0 +377,0 @@ absolute paths are fine as long as they point to a location under the system's default temporary directory.

CHANGELOG.md
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc