GithubHelp home page GithubHelp logo

npm / move-file Goto Github PK

View Code? Open in Web Editor NEW
0.0 8.0 3.0 160 KB

Move a file across devices with support for all node 10 versions (fork of https://github.com/sindresorhus/move-file)

License: MIT License

JavaScript 100.00%
npm-cli

move-file's Introduction

@npmcli/move-file

Warning: This has been archived and the method has been moved to @npmcli/fs

A fork of move-file with compatibility with all node 10.x versions.

Move a file (or directory)

The built-in fs.rename() is just a JavaScript wrapper for the C rename(2) function, which doesn't support moving files across partitions or devices. This module is what you would have expected fs.rename() to be.

Highlights

  • Promise API.
  • Supports moving a file across partitions and devices.
  • Optionally prevent overwriting an existing file.
  • Creates non-existent destination directories for you.
  • Support for Node versions that lack built-in recursive fs.mkdir()
  • Automatically recurses when source is a directory.

Install

$ npm install @npmcli/move-file

Usage

const moveFile = require('@npmcli/move-file');

(async () => {
	await moveFile('source/unicorn.png', 'destination/unicorn.png');
	console.log('The file has been moved');
})();

API

moveFile(source, destination, options?)

Returns a Promise that resolves when the file has been moved.

moveFile.sync(source, destination, options?)

source

Type: string

File, or directory, you want to move.

destination

Type: string

Where you want the file or directory moved.

options

Type: object

overwrite

Type: boolean
Default: true

Overwrite existing destination file(s).

move-file's People

Contributors

dependabot[bot] avatar github-actions[bot] avatar isaacs avatar lukekarrys avatar nlf avatar wraithgar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

trysound isabella232 timechain-academy

move-file's Issues

[QUESTION] Why is it not allow to copy files to a destination folder?

What / Why

Currently, the move-file forces me to set a destination file. I would like to know if there is a reason behind the fact that setting a destination path=existing folder , does not move files inside?

Where

I would like to use it as "move-file test.file /directory/" but it forces me to use "move-file test.file /directory/test.file"
It may look trivial but when using wildcards that restriction became a problem for me "move-file *.txt /directory/"

[BUG] Unsecurable functions

What / Why

The module functions offer no way to specify mode for implicitly created directories so they always create directories world writable. If a user wants to ensure secure directories they have to avoid these methods. Accepting a directory mode would make it possible to use them securely.

World writable resources such as config files can allow other users to control program behavior. In some cases there's code injection through the config file, which can lead to privilege elevation. World writable directories have the same weakness since they allow adding files within them. A world writable config directory /etc/froznator/conf.d offers a route to controlling program behavior through a new config file. On Linux the umask should usually prevent this but it's not guaranteed. Secure coding standards recommend always specifying a restricted mode so files and directories are secure in any environment. MITRE calls this CWE-732, one of the top 25 most dangerous vulnerabilities.

These lines always create directories without specifying mode. If you used move-file to eg install default config files, you could end up with a world writable config directory.

move-file/index.js

Line 71 in ab492ef

await mkdirp(dirname(destination))

move-file/index.js

Line 122 in ab492ef

mkdirp.sync(dirname(destination))

This came out of research with CodeQL.

When

  • n/a

Where

  • n/a

How

Current Behavior

Directories always created world writable.

Steps to Reproduce

  • Use move-file to create parent directories with umask set to 000.
  • World writable directories are created.

Expected Behavior

Implicitly created directories can be secured.

Who

  • n/a

References

  • n/a

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.