Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
webdav-tulip-2
Advanced tools
A WebDAV client written in JavaScript for NodeJS.
This client was branched from webdav-fs as the core functionality deserved its own repository. As webdav-fs' API was designed to resemble NodeJS' fs API, little could be done to improve the adapter interface for regular use.
This WebDAV client library is designed to provide an improved API for low-level WebDAV integration. This client uses window.fetch
when available in the browser.
Usage is very simple (API) - the main exported object is a factory to create adapter instances:
var createClient = require("webdav");
var client = createClient(
"https://webdav-server.org/remote.php/webdav",
"username",
"password"
);
client
.getDirectoryContents("/")
.then(function(contents) {
console.log(JSON.stringify(contents, undefined, 4));
});
Each method returns a Promise
.
These methods can be called on the object returned from the main factory.
Create a new directory at the remote path.
Creates a readable stream on the remote path.
Returns a readable stream instance.
Creates a writeable stream to a remote path.
Returns a writeable stream instance.
Delete a file or directory at remotePath
.
Get an array of items within a directory. remotePath
is a string that begins with a forward-slash and indicates the remote directory to get the contents of.
client
.getDirectoryContents("/MyFolder")
.then(function(contents) {
console.log(JSON.stringify(contents, undefined, 2));
});
The returned value is a Promise, which resolves with an array of item stat objects.
Get the contents of the file at remotePath
as a Buffer
or String
. format
can either be "binary" or "text", where "binary" is default.
var fs = require("fs");
client
.getFileContents("/folder/myImage.jpg")
.then(function(imageData) {
fs.writeFileSync("./myImage.jpg", imageData);
});
Or with text:
client
.getFileContents("/doc.txt", "text")
.then(function(text) {
console.log(text);
});
Get a readable stream on a remote file. Returns a Promise that resolves with a readable stream instance.
This is the underlying method to createReadStream
(uses a PassThrough
stream to delay the data). Due to the requirement of waiting on the request to complete before being able to get the true read stream, a Promise is returned that resolves when it becomes available. createReadStream
simply creates and returns a PassThrough
stream immediately and writes to it once this method resolves.
var fs = require("fs");
client
.getFileStream("/test/image.png")
.then(function(imageStream) {
imageStream.pipe(fs.createWriteStream("./image.png"));
});
options
is an object that may look like the following:
{
"headers": {}
}
Optionally request part of the remote file by specifying the start
and end
byte positions. The end
byte position is optional and the rest of the file from start
onwards will be streamed.
var stream = client.getFileStream("/test/image.png", {
range: { start: 0, end: 499 } // first 500 bytes
});
Get quota information. Returns null
upon failure or an object like so:
{
"used": "12842",
"available": "512482001"
}
Both values are provided in bytes in string form. available
may also be one of the following:
unknown
: The available space is unknown or not yet calculatedunlimited
: The space available is not limited by quotasMove a file or directory from remotePath
to targetPath
.
// Move a directory
client.moveFile("/some-dir", "/storage/moved-dir");
// Rename a file
client.moveFile("/images/pic.jpg", "/images/profile.jpg");
Put some data in a remote file at remotePath
from a Buffer
or String
. data
is a Buffer
or a String
. options
has a property called format
which can be "binary" (default) or "text".
var fs = require("fs");
var imageData = fs.readFileSync("someImage.jpg");
client.putFileContents("/folder/myImage.jpg", imageData, { format: "binary" });
client.putFileContents("/example.txt", "some text", { format: "text" });
options
, which is optional, can be set to an object like the following:
{
"format": "binary",
"headers": {
"Content-Type": "application/octet-stream"
},
"overwrite": true
}
options.overwrite
(default:true
), if set to false, will add an additional header which tells the server to abort writing if the target already exists.
Get the stat properties of a remote file or directory at remotePath
. Resolved object is a item stat object.
Under the hood, webdav-client
uses node-fetch
to perform requests. This can be overridden by running the following:
// For example, use the `fetch` method in the browser:
const createWebDAVClient = require("webdav");
createWebDAVClient.setFetchMethod(window.fetch);
Item stats are objects with properties that descibe a file or directory. They resemble the following:
{
"filename": "/test",
"basename": "test",
"lastmod": "Tue, 05 Apr 2016 14:39:18 GMT",
"size": 0,
"type": "directory"
}
or:
{
"filename": "/image.jpg",
"basename": "image.jpg",
"lastmod": "Sun, 13 Mar 2016 04:23:32 GMT",
"size": 42497,
"type": "file",
"mime": "image/jpeg"
}
Properties:
Property name | Type | Present | Description |
---|---|---|---|
filename | String | Always | File path of the remote item |
basename | String | Always | Base filename of the remote item, no path |
lastmod | String | Always | Last modification date of the item |
size | Number | Always | File size - 0 for directories |
type | String | Always | Item type - "file" or "directory" |
mime | String | Files only | Mime type - for file items only |
FAQs
WebDAV client for NodeJS
The npm package webdav-tulip-2 receives a total of 1 weekly downloads. As such, webdav-tulip-2 popularity was classified as not popular.
We found that webdav-tulip-2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.