npmpackage.info

@pucelle/ignore-walk

Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.

3.0.1

ISC

JavaScript

5.30 kB

785 5.7

Installations

npm install @pucelle/ignore-walk

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

14.15.4

NPM Version

6.14.10 Score

70.6

Supply Chain

87.7

Quality

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

133

Closed

72

Merged

60

Issues

Open

0

Total

9

Closed

9

Releases

v7.0.0

Published on 04 Sept 2024

v6.0.5

Published on 04 May 2024

v6.0.4

Published on 29 Nov 2023

v6.0.3

Published on 26 Apr 2023

v6.0.2

Published on 21 Mar 2023

v6.0.1

Published on 07 Feb 2023

View all 9 releases

Contributors

Unable to fetch Contributors

View all 75 contributors

Languages

JavaScript

Handlebars

JavaScript (99.41%)

Handlebars (0.59%)

Developer

isaacs

Download Statistics

Total Downloads

785

Last Day

Last Week

Last Month

Last Year

112

GitHub Statistics

59 Stars

144 Commits

9 Forks

13 Watching

3 Branches

75 Contributors

Bundle Size

14.07 kB

Minified

5.30 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

3.0.1

Package Id

@pucelle/ignore-walk@3.0.1

Unpacked Size

10.85 kB

Size

4.22 kB

File Count

NPM Version

6.14.10

Node Version

14.15.4

Total Downloads

Cumulative downloads

Total Downloads

785

Last day

Compared to previous day

Last week

-33.3%

Compared to previous week

Last month

66.7%

Compared to previous month

Last year

13.1%

112

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

minimatch

Dev Dependencies

mkdirp mutate-fs rimraf tap

Versions

Modifications after forking

Will ignore .git directory to run much faster.

Adds a alwaysIncludeGlobPattern: string option to always includes some files.

ignore-walk

Nested/recursive .gitignore/.npmignore parsing and filtering.

Walk a directory creating a list of entries, parsing any .ignore files met along the way to exclude files.

USAGE

1const walk = require('ignore-walk')
2
3// All options are optional, defaults provided.
4
5// this function returns a promise, but you can also pass a cb
6// if you like that approach better.
7walk({
8  path: '...', // root dir to start in. defaults to process.cwd()
9  ignoreFiles: [ '.gitignore' ], // list of filenames. defaults to ['.ignore']
10  includeEmpty: true|false, // true to include empty dirs, default false
11  follow: true|false // true to follow symlink dirs, default false
12}, callback)
13
14// to walk synchronously, do it this way:
15const result = walk.sync({ path: '/wow/such/filepath' })

If you want to get at the underlying classes, they're at walk.Walker and walk.WalkerSync.

OPTIONS

path The path to start in. Defaults to process.cwd()
ignoreFiles Filenames to treat as ignore files. The default is ['.ignore']. (This is where you'd put .gitignore or .npmignore or whatever.) If multiple ignore files are in a directory, then rules from each are applied in the order that the files are listed.
includeEmpty Set to true to include empty directories, assuming they are not excluded by any of the ignore rules. If not set, then this follows the standard git behavior of not including directories that are empty.

Note: this will cause an empty directory to be included if it would contain an included entry, even if it would have otherwise been excluded itself.

For example, given the rules * (ignore everything) and !/a/b/c (re-include the entry at /a/b/c), the directory /a/b will be included if it is empty.
follow Set to true to treat symbolically linked directories as directories, recursing into them. There is no handling for nested symlinks, so ELOOP errors can occur in some cases when using this option. Defaults to false.

No vulnerabilities found.

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

8

SAST

Determines if the project uses static code analysis.

6

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ignore-walk/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:58
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:52
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:130
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:50
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Score

5.7

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More