Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
vfile-find-up
Advanced tools
vfile utility to find one or more files by searching the file system upwards
vfile utility to find files by searching the file system upwards.
This utility lets you find one or many files upwards.
You can use this utility if you want to find, say, a config file.
If you instead want to find files downwards, such as all markdown files in a
folder, you can use vfile-find-down
.
This package is ESM only. In Node.js (version 16+), install with npm:
npm install vfile-find-up
import {findUp} from 'vfile-find-up'
console.log(await findUp('package.json'))
Yields:
VFile {
cwd: '/Users/tilde/Projects/oss/vfile-find-up',
data: {},
history: [ '/Users/tilde/Projects/oss/vfile-find-up/package.json' ],
messages: []
}
This package exports the identifiers findUp
and
findUpAll
.
There is no default export.
findUp(test[, path][, callback])
Find the first file or folder upwards.
👉 Note: files are not read (their
value
is not populated). useto-vfile
for that.
(test[, path], callback) => undefined
(test[, path]) => Promise<VFile>
test
(Test
)
— things to search forpath
(URL
or string
, default: process.cwd()
)
— place to search fromcallback
(Callback
, optional)
— callback called when doneNothing when callback
is given (undefined
), otherwise a promise that
resolves to a file (VFile | undefined
).
findUpAll(test[, path][, callback])
Find files or folders upwards.
👉 Note: files are not read (their
value
is not populated). useto-vfile
for that.
(test[, path], callback) => undefined
(test[, path]) => Promise<Array<VFile>>
test
(Test
)
— things to search forpaths
(URL
or string
, default: process.cwd()
)
— place to search fromcallback
(CallbackAll
, optional)
— callback called when doneNothing when callback
is given (undefined
), otherwise a promise that
resolves to files (Array<VFile>
).
Assert
Handle a file (TypeScript type).
file
(VFile
)
— file to handleHow to handle this file (Result
, optional).
Callback
Callback called when done finding one file (TypeScript type).
error
(Error | undefined
)
— error; errors are currently never passedfile
(VFile | undefined
)
— fileNothing (undefined
).
CallbackAll
Callback called when done (TypeScript type).
error
(Error | undefined
)
— error; errors are currently never passedfiles
(Array<VFile>
)
— filesNothing (undefined
).
Result
What to do when collecting a file or folder (TypeScript type).
break
(boolean
, default: false
)
— stop searching after this file or folderinclude
(boolean
, default: false
)
— include this file or folderTest
Things to search for (TypeScript type).
For strings, the basename
or extname
of files must match them.
For arrays, any test in them must match.
type Test = Array<Assert | string> | Assert | string
This package is fully typed with TypeScript.
It exports the additional types
Assert
,
Callback
,
CallbackAll
,
Result
, and
Test
.
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line, vfile-find-up@^7
,
compatible with Node.js 16.
See contributing.md
in vfile/.github
for ways to
get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
vfile utility to find one or more files by searching the file system upwards
We found that vfile-find-up demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.