Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Built with love, will be grateful for :heart:
Returns an object, that tells if provided string is a valid path, or describes got problem.
valid | invalid | |
---|---|---|
input | 'a/b/c' | 'a/nul/b' |
output | { | { |
npm i valid-path
validPath
function takes three arguments:
validPath('string'[, options, callback]);
argument | required | expected type |
---|---|---|
string | :heavy_check_mark: | string |
options | :heavy_minus_sign: | object |
callback | :heavy_minus_sign: | function |
Example:
const validPath = require('validPath');
const myPath = validPath('string/to/check');
if (myPath.valid) {
// ...
} else {
console.log(`Error in ${myPath.data.input}: ${myPath.error}`);
}
return
object{
valid: boolean,
error: null || string,
data: {
input: input,
notes: string[],
sepDuplications: boolean,
driveLetter: boolean,
globPatterns: boolean,
forbiddenWindowsNames: boolean,
fobiddenWindowsChars: boolean,
forbiddenUnixChars: boolean
}
}
Outputs for calls with default options
Input | Output |
---|---|
a/b/c | { |
a/b/c.js | { |
C://a/b | { |
(nothing) | { |
null | { |
!a/b/c | { |
a\\b\\c | { |
a/b//c | { |
a/b/con | { |
a/b:c/d | { |
a/\0b\c | { |
Options are optional:
If true
, valid-path
will return boolean (true
or false
), not an object.
Default | Expects |
---|---|
false | boolean |
Example
input | a/b/c | a/b/con |
---|---|---|
options | { | { |
output | true | false |
Defines path separator: /
or \\
.
Default | Expects |
---|---|
/ | / or \\ |
Example
input | a/b/c | a/b/c |
---|---|---|
options | { | { |
output | { | { |
If true
, valid-path
will ignore separator duplications and will add a note in notes
array of returned object (Object.data.notes
).
Default | Expects |
---|---|
false | boolean |
Example
input | a/b//c | a/b//c |
---|---|---|
options | { | { |
output | { | { |
If true
, valid-path
will accept drive letter in provided path and will add a note in notes
array of returned object (Object.data.notes
).
Drive letter can have single and doubled separator (C:/a/b
or C://a/b
). In case of doubled separator you do not need to set allowSepDuplications
option to true
: valid path
will accept the duplication just for drive letter.
Default | Expects |
---|---|
true | boolean |
Example
input | C://a/b | C://a/b |
---|---|---|
options | { | { |
output | { | { |
If true
, valid-path
will accept glob pattern in provided path and will add a note in notes
array of returned object (Object.data.notes
).
Default | Expects |
---|---|
false | boolean |
Example
input | a/*/*.js | a/*/*.js |
---|---|---|
options | { | { |
output | { | { |
By default valid-path
does not accept file and folder names that are forbidden in Windows: nul
, prn
, con
, lpt[0-9]
, com[0-9]
. Set to true
to accept these names.
Default | Expects |
---|---|
false | boolean |
Example
input | a/b/lpt3 | a/b/lpt3 |
---|---|---|
options | { | { |
output | { | { |
By default valid-path
does not accept characters in path items that are forbidden in Windows: /
, \
, <
, >
, :
, "
, *
, ?
, |
. Set to true
to accept these characters.
Default | Expects |
---|---|
false | boolean |
Example
input | a/b:c/d | a/b:c/d |
---|---|---|
options | { | { |
output | { | { |
By default valid-path
does not accept characters in path items that are forbidden in Unix: \0
(NULL byte), /
. Set to true
to accept these characters.
Default | Expects |
---|---|
false | boolean |
Example
input | a/\0b/c | a/\0b/c |
---|---|---|
options | { | { |
output | { | { |
valid-pqath
v1.0.0 had return
and options
different from current version, and did not have callback argument. If you switch to the latest version, it will break your code. To keep your existing code and use the latest valid-path
version you have to set migrate
option to true
:
validPath('a/b', {migrate: true});
Plese note, that migrate
will be deprecated in future versions.
FAQs
Checks if provided string looks like a valid path
The npm package valid-path receives a total of 397 weekly downloads. As such, valid-path popularity was classified as not popular.
We found that valid-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.