Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Watchr provides a normalised API the file watching APIs of different node versions, nested/recursive file and directory watching, and accurate detailed events for file/directory creations, updates, and deletions.
You install it via npm install watchr
and use it via require('watchr').watch(config)
. Available configuration options are:
path
a single path to watchpaths
an array of paths to watchlistener
a single change listener to fire when a change occurslisteners
an array of listeners to fire when a change occurs, overloaded to accept the following values:
changeListener
a single change listener[changeListener]
an array of change listeners{eventName:eventListener}
an object keyed with the event names and valued with a single event listener{eventName:[eventListener]}
an object keyed with the event names and valued with an array of event listenersnext
(optional, defaults to null
) a completion callback to fire once the watchers have been setup, arguments are:
path
configuration option: err, watcherInstance
paths
configuration option: err, [watcherInstance,...]
stat
(optional, defaults to null
) a file stat object to use for the path, instead of fetching a new oneinterval
(optional, defaults to 5007
) for systems that poll to detect file changes, how often should it poll in millsecondspersistent
(optional, defaults to true
) whether or not we should keep the node process alive for as long as files are still being watchedduplicateDelay
(optional, defaults to 1000
) sometimes events will fire really fast, this delay is set in place so we don't fire the same event within the timespan. Set to falsey to perform no duplicate detection.preferredMethods
(optional, defaults to ['watch','watchFile']
) which order should we prefer our watching methods to be tried?ignorePaths
(optional, defaults to false
) an array of full paths to ignoreignoreHiddenFiles
(optional, defaults to false
) whether or not to ignored files which filename starts with a .
ignoreCommonPatterns
(optional, defaults to true
) whether or not to ignore common undesirable file patterns (e.g. .svn
, .git
, .DS_Store
, thumbs.db
, etc)ignoreCustomPatterns
(optional, defaults to null
) any custom ignore patterns that you would also like to ignore along with the common patternsThe following events are available to your via the listeners:
log
for debugging, receives the arguments logLevel ,args...
error
for gracefully listening to error events, receives the arguments err
watching
for when watching of the path has completed, receives the arguments err, isWatching
change
for listening to change events, receives the arguments changeType, fullPath, currentStat, previousStat
, received arguments will be:
'update', fullPath, currentStat, previousStat
'create', fullPath, currentStat, null
'delete', fullPath, null, previousStat
To wrap it all together, it would look like this:
// Require
var watchr = require('watchr');
// Watch a directory or file
console.log('Watch our paths');
watchr.watch({
paths: ['path1','path2','path3'],
listeners: {
log: function(logLevel){
console.log('a log message occured:', arguments);
},
error: function(err){
console.log('an error occured:', err);
},
watching: function(err,watcherInstance,isWatching){
if (err) {
console.log("watching the path " + watcherInstance.path + " failed with error", err);
} else {
console.log("watching the path " + watcherInstance.path + " completed");
}
},
change: function(changeType,filePath,fileCurrentStat,filePreviousStat){
console.log('a change event occured:',arguments);
}
},
next: function(err,watchers){
if (err) {
return console.log("watching everything failed with error", err);
} else {
console.log('watching everything completed', watchers);
}
// Close watchers after 60 seconds
setTimeout(function(){
var i;
console.log('Stop watching our paths');
for ( i=0; i<watchers.length; i++ ) {
watchers[i].close();
}
},60*1000);
}
});
You can test the above code snippet by running the following:
npm install -g watchr
watchr
Support can be found in the GitHub Issue Tracker
You can discover the history inside the History.md file
Licensed under the incredibly permissive MIT License
Copyright © 2012+ Bevry Pty Ltd
Copyright © 2011 Benjamin Lupton
v2.4.0 2013 April 5
FAQs
Better file system watching for Node.js
The npm package watchr receives a total of 21,034 weekly downloads. As such, watchr popularity was classified as popular.
We found that watchr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.