Gathering detailed insights and metrics for glob-parent
Gathering detailed insights and metrics for glob-parent
Extract the non-magic parent path from a glob string.
Installations
npm install glob-parentScore
99.2
Supply Chain
99.4
Quality
80.6
Maintenance
100
Vulnerability
100
License
Developer
gulpjs
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=10.13.0
Typescript Support
No
Node Version
14.18.0
NPM Version
7.24.1
Statistics
79 Stars
89 Commits
46 Forks
15 Watching
2 Branches
11 Contributors
Updated on 29 Aug 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
16,420,135,322
Last day
-6.7%
19,430,402
Compared to previous day
Last week
1.6%
113,287,941
Compared to previous week
Last month
12.7%
464,850,345
Compared to previous month
Last year
16.5%
4,605,470,936
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
glob-parent
Extract the non-magic parent path from a glob string.
Usage
1var globParent = require('glob-parent'); 2 3globParent('path/to/*.js'); // 'path/to' 4globParent('/root/path/to/*.js'); // '/root/path/to' 5globParent('/*.js'); // '/' 6globParent('*.js'); // '.' 7globParent('**/*.js'); // '.' 8globParent('path/{to,from}'); // 'path' 9globParent('path/!(to|from)'); // 'path' 10globParent('path/?(to|from)'); // 'path' 11globParent('path/+(to|from)'); // 'path' 12globParent('path/*(to|from)'); // 'path' 13globParent('path/@(to|from)'); // 'path' 14globParent('path/**/*'); // 'path' 15 16// if provided a non-glob path, returns the nearest dir 17globParent('path/foo/bar.js'); // 'path/foo' 18globParent('path/foo/'); // 'path/foo' 19globParent('path/foo'); // 'path' (see issue #3 for details)
API
globParent(maybeGlobString, [options])
Takes a string and returns the part of the path before the glob begins. Be aware of Escaping rules and Limitations below.
options
1{ 2 // Disables the automatic conversion of slashes for Windows 3 flipBackslashes: true; 4}
Escaping
The following characters have special significance in glob patterns and must be escaped if you want them to be treated as regular path characters:
?(question mark) unless used as a path segment alone*(asterisk)|(pipe)((opening parenthesis))(closing parenthesis){(opening curly brace)}(closing curly brace)[(opening bracket)](closing bracket)
Example
1globParent('foo/[bar]/'); // 'foo' 2globParent('foo/\\[bar]/'); // 'foo/[bar]'
Limitations
Braces & Brackets
This library attempts a quick and imperfect method of determining which path parts have glob magic without fully parsing/lexing the pattern. There are some advanced use cases that can trip it up, such as nested braces where the outer pair is escaped and the inner one contains a path separator. If you find yourself in the unlikely circumstance of being affected by this or need to ensure higher-fidelity glob handling in your library, it is recommended that you pre-process your input with expand-braces and/or expand-brackets.
Windows
Backslashes are not valid path separators for globs. If a path with backslashes is provided anyway, for simple cases, glob-parent will replace the path separator for you and return the non-glob parent path (now with forward-slashes, which are still valid as Windows path separators).
This cannot be used in conjunction with escape characters.
1// BAD 2globParent('C:\\Program Files \\(x86\\)\\*.ext'); // 'C:/Program Files /(x86/)' 3 4// GOOD 5globParent('C:/Program Files\\(x86\\)/*.ext'); // 'C:/Program Files (x86)'
If you are using escape characters for a pattern without path parts (i.e.
relative to cwd), prefix with ./ to avoid confusing glob-parent.
1// BAD 2globParent('foo \\[bar]'); // 'foo ' 3globParent('foo \\[bar]*'); // 'foo ' 4 5// GOOD 6globParent('./foo \\[bar]'); // 'foo [bar]' 7globParent('./foo \\[bar]*'); // '.'
License
ISC
Stable Version
The latest stable version of the package.
Stable Version
6.0.2
HIGH
2
HIGH
7.5/10
Summary
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
Affected Versions
>= 4.0.0, < 5.1.2
Patched Versions
5.1.2
HIGH
7.5/10
Summary
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
Affected Versions
= 6.0.0
Patched Versions
6.0.1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: ISC License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/gulpjs/.github/SECURITY.md:1
- Info: Found linked content: github.com/gulpjs/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/gulpjs/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/gulpjs/.github/SECURITY.md:1
Reason
Found 6/27 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/glob-parent/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/glob-parent/dev.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/glob-parent/dev.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/glob-parent/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/glob-parent/dev.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/glob-parent/dev.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/glob-parent/release.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/dev.yml:50
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/dev.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More