Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The tmp npm package is used for creating temporary files and directories in a Node.js environment. It helps manage and clean up temporary files automatically.
Temporary File Creation
This feature allows you to create a temporary file. The library provides a callback with the path and file descriptor, and a cleanup callback to remove the file when it's no longer needed.
const tmp = require('tmp');
tmp.file(function _tempFileCreated(err, path, fd, cleanupCallback) {
if (err) throw err;
console.log('File: ', path);
console.log('Filedescriptor: ', fd);
// If we don't need the file anymore we could manually call the cleanupCallback
// But that is not necessary if we didn't pass the keep option because the library will clean after itself.
cleanupCallback();
});
Temporary Directory Creation
This feature allows you to create a temporary directory. Similar to temporary file creation, it provides a path to the directory and a cleanup callback.
const tmp = require('tmp');
tmp.dir(function _tempDirCreated(err, path, cleanupCallback) {
if (err) throw err;
console.log('Dir: ', path);
// Manual cleanup
cleanupCallback();
});
Synchronous File Creation
This feature allows for synchronous creation of a temporary file name. It returns the name directly without the need for a callback.
const tmp = require('tmp');
const name = tmp.tmpNameSync();
console.log('Temporary filename: ', name);
Synchronous Directory Creation
This feature allows for synchronous creation of a temporary directory. It returns an object with the directory name.
const tmp = require('tmp');
const dir = tmp.dirSync();
console.log('Temporary directory: ', dir.name);
The 'temp' package is similar to 'tmp' and is also used for managing temporary files and directories. It provides automatic cleanup and tracking of temporary files, but it has not been updated as frequently as 'tmp'.
The 'tempfile' package is a simpler alternative to 'tmp' that focuses on generating temporary file paths. It does not handle the creation or cleanup of the files.
The 'temp-dir' package provides the path to the system's default directory for temporary files, rather than creating temporary files or directories itself.
The 'mktemp' package creates temporary files and directories in a way similar to the Unix command of the same name. It offers a lower-level API compared to 'tmp' and requires manual cleanup.
A simple temporary file and directory creator for node.js.
This is a widely used library to create temporary files and directories in a node.js environment.
Tmp offers both an asynchronous and a synchronous API. For all API calls, all the parameters are optional.
Tmp uses crypto for determining random file names, or, when using templates, a six letter random identifier. And just in case that you do not have that much entropy left on your system, Tmp will fall back to pseudo random numbers.
You can set whether you want to remove the temporary file on process exit or not, and the destination directory can also be set.
npm install tmp
Simple temporary file creation, the file will be closed and unlinked on process exit.
var tmp = require('tmp');
tmp.file(function _tempFileCreated(err, path, fd, cleanupCallback) {
if (err) throw err;
console.log("File: ", path);
console.log("Filedescriptor: ", fd);
// If we don't need the file anymore we could manually call the cleanupCallback
// But that is not necessary if we didn't pass the keep option because the library
// will clean after itself.
cleanupCallback();
});
A synchronous version of the above.
var tmp = require('tmp');
var tmpobj = tmp.fileSync();
console.log("File: ", tmpobj.name);
console.log("Filedescriptor: ", tmpobj.fd);
// If we don't need the file anymore we could manually call the removeCallback
// But that is not necessary if we didn't pass the keep option because the library
// will clean after itself.
tmpobj.removeCallback();
Note that this might throw an exception if either the maximum limit of retries for creating a temporary name fails, or, in case that you do not have the permission to write to the directory where the temporary file should be created in.
Simple temporary directory creation, it will be removed on process exit.
If the directory still contains items on process exit, then it won't be removed.
var tmp = require('tmp');
tmp.dir(function _tempDirCreated(err, path, cleanupCallback) {
if (err) throw err;
console.log("Dir: ", path);
// Manual cleanup
cleanupCallback();
});
If you want to cleanup the directory even when there are entries in it, then
you can pass the unsafeCleanup
option when creating it.
A synchronous version of the above.
var tmp = require('tmp');
var tmpobj = tmp.dirSync();
console.log("Dir: ", tmpobj.name);
// Manual cleanup
tmpobj.removeCallback();
Note that this might throw an exception if either the maximum limit of retries for creating a temporary name fails, or, in case that you do not have the permission to write to the directory where the temporary directory should be created in.
It is possible with this library to generate a unique filename in the specified directory.
var tmp = require('tmp');
tmp.tmpName(function _tempNameGenerated(err, path) {
if (err) throw err;
console.log("Created temporary filename: ", path);
});
A synchronous version of the above.
var tmp = require('tmp');
var name = tmp.tmpNameSync();
console.log("Created temporary filename: ", name);
Creates a file with mode 0644
, prefix will be prefix-
and postfix will be .txt
.
var tmp = require('tmp');
tmp.file({ mode: 0644, prefix: 'prefix-', postfix: '.txt' }, function _tempFileCreated(err, path, fd) {
if (err) throw err;
console.log("File: ", path);
console.log("Filedescriptor: ", fd);
});
A synchronous version of the above.
var tmp = require('tmp');
var tmpobj = tmp.fileSync({ mode: 0644, prefix: 'prefix-', postfix: '.txt' });
console.log("File: ", tmpobj.name);
console.log("Filedescriptor: ", tmpobj.fd);
As a side effect of creating a unique file tmp
gets a file descriptor that is
returned to the user as the fd
parameter. The descriptor may be used by the
application and is closed when the removeCallback
is invoked.
In some use cases the application does not need the descriptor, needs to close it without removing the file, or needs to remove the file without closing the descriptor. Two options control how the descriptor is managed:
discardDescriptor
- if true
causes tmp
to close the descriptor after the file
is created. In this case the fd
parameter is undefined.detachDescriptor
- if true
causes tmp
to return the descriptor in the fd
parameter, but it is the application's responsibility to close it when it is no
longer needed.var tmp = require('tmp');
tmp.file({ discardDescriptor: true }, function _tempFileCreated(err, path, fd, cleanupCallback) {
if (err) throw err;
// fd will be undefined, allowing application to use fs.createReadStream(path)
// without holding an unused descriptor open.
});
var tmp = require('tmp');
tmp.file({ detachDescriptor: true }, function _tempFileCreated(err, path, fd, cleanupCallback) {
if (err) throw err;
cleanupCallback();
// Application can store data through fd here; the space used will automatically
// be reclaimed by the operating system when the descriptor is closed or program
// terminates.
});
Creates a directory with mode 0755
, prefix will be myTmpDir_
.
var tmp = require('tmp');
tmp.dir({ mode: 0750, prefix: 'myTmpDir_' }, function _tempDirCreated(err, path) {
if (err) throw err;
console.log("Dir: ", path);
});
Again, a synchronous version of the above.
var tmp = require('tmp');
var tmpobj = tmp.dirSync({ mode: 0750, prefix: 'myTmpDir_' });
console.log("Dir: ", tmpobj.name);
Creates a new temporary directory with mode 0700
and filename like /tmp/tmp-nk2J1u
.
var tmp = require('tmp');
tmp.dir({ template: '/tmp/tmp-XXXXXX' }, function _tempDirCreated(err, path) {
if (err) throw err;
console.log("Dir: ", path);
});
This will behave similarly to the asynchronous version.
var tmp = require('tmp');
var tmpobj = tmp.dirSync({ template: '/tmp/tmp-XXXXXX' });
console.log("Dir: ", tmpobj.name);
The tmpName()
function accepts the prefix
, postfix
, dir
, etc. parameters also:
var tmp = require('tmp');
tmp.tmpName({ template: '/tmp/tmp-XXXXXX' }, function _tempNameGenerated(err, path) {
if (err) throw err;
console.log("Created temporary filename: ", path);
});
The tmpNameSync()
function works similarly to tmpName()
.
var tmp = require('tmp');
var tmpname = tmp.tmpNameSync({ template: '/tmp/tmp-XXXXXX' });
console.log("Created temporary filename: ", tmpname);
One may want to cleanup the temporary files even when an uncaught exception
occurs. To enforce this, you can call the setGracefulCleanup()
method:
var tmp = require('tmp');
tmp.setGracefulCleanup();
All options are optional :)
mode
: the file mode to create with, it fallbacks to 0600
on file creation and 0700
on directory creationprefix
: the optional prefix, fallbacks to tmp-
if not providedpostfix
: the optional postfix, fallbacks to .tmp
on file creationtemplate
: mkstemp
like filename template, no defaultdir
: the optional temporary directory, fallbacks to system default (guesses from environment)tries
: how many times should the function try to get a unique filename before giving up, default 3
keep
: signals that the temporary file or directory should not be deleted on exit, default is false
, means delete
cleanupCallback
function manually.unsafeCleanup
: recursively removes the created temporary directory, even when it's not empty. default is false
v0.0.31 (2016-11-21)
FAQs
Temporary file and directory creator
The npm package tmp receives a total of 42,994,473 weekly downloads. As such, tmp popularity was classified as popular.
We found that tmp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.