write-file-atomic
Advanced tools
write-file-atomic - npm Package Compare versions
+48
-4
@@ -58,2 +58,18 @@ 'use strict' | ||
| // https://github.com/isaacs/node-graceful-fs/blob/master/polyfills.js#L315-L342 | ||
| function isChownErrOk (err) { | ||
| if (err.code === 'ENOSYS') { | ||
| return true | ||
| } | ||
| const nonroot = !process.getuid || process.getuid() !== 0 | ||
| if (nonroot) { | ||
| if (err.code === 'EINVAL' || err.code === 'EPERM') { | ||
| return true | ||
| } | ||
| } | ||
| return false | ||
| } | ||
| async function writeFileAsync (filename, data, options = {}) { | ||
@@ -111,7 +127,15 @@ if (typeof options === 'string') { | ||
| if (options.chown) { | ||
| await promisify(fs.chown)(tmpfile, options.chown.uid, options.chown.gid) | ||
| await promisify(fs.chown)(tmpfile, options.chown.uid, options.chown.gid).catch(err => { | ||
| if (!isChownErrOk(err)) { | ||
| throw err | ||
| } | ||
| }) | ||
| } | ||
| if (options.mode) { | ||
| await promisify(fs.chmod)(tmpfile, options.mode) | ||
| await promisify(fs.chmod)(tmpfile, options.mode).catch(err => { | ||
| if (!isChownErrOk(err)) { | ||
| throw err | ||
| } | ||
| }) | ||
| } | ||
@@ -198,6 +222,26 @@ | ||
| } | ||
| fs.closeSync(fd) | ||
| fd = null | ||
| if (options.chown) fs.chownSync(tmpfile, options.chown.uid, options.chown.gid) | ||
| if (options.mode) fs.chmodSync(tmpfile, options.mode) | ||
| if (options.chown) { | ||
| try { | ||
| fs.chownSync(tmpfile, options.chown.uid, options.chown.gid) | ||
| } catch (err) { | ||
| if (!isChownErrOk(err)) { | ||
| throw err | ||
| } | ||
| } | ||
| } | ||
| if (options.mode) { | ||
| try { | ||
| fs.chmodSync(tmpfile, options.mode) | ||
| } catch (err) { | ||
| if (!isChownErrOk(err)) { | ||
| throw err | ||
| } | ||
| } | ||
| } | ||
| fs.renameSync(tmpfile, filename) | ||
@@ -204,0 +248,0 @@ threw = false |
+1
-1
| { | ||
| "name": "write-file-atomic", | ||
| "version": "3.0.2", | ||
| "version": "3.0.3", | ||
| "description": "Write files in an atomic fashion w/configurable ownership", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
New alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
12787
6.39%- Lines of code
227
19.47%Worsened metrics
- Number of low supply chain risk alerts
4
33.33%