Gathering detailed insights and metrics for tiny-glob
Gathering detailed insights and metrics for tiny-glob
Super tiny and ~350% faster alternative to node-glob
Installations
npm install tiny-globDeveloper Guide
BETA
Typescript
Yes
Module System
N/A
Node Version
14.15.1
NPM Version
7.8.0
Score
99.3
Supply Chain
97.9
Quality
75.5
Maintenance
100
Vulnerability
100
License
Releases
3
Languages
1
JavaScript
JavaScript (100%)
Developer
terkelg
Download Statistics
Total Downloads
337,916,785
Last Day
97,282
Last Week
1,477,836
Last Month
6,378,824
Last Year
74,847,992
GitHub Statistics
MIT License
852 Stars
113 Commits
26 Forks
10 Watchers
8 Branches
10 Contributors
Updated on Jun 25, 2025
Bundle Size
4.22 kB
Minified
1.91 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.2.9
Package Id
tiny-glob@0.2.9
Size
3.99 kB
NPM Version
7.8.0
Node Version
14.15.1
Published on
May 14, 2021
Total Downloads
Cumulative downloads
Total Downloads
337,916,785
Last Day
-22.4%
97,282
Compared to previous day
Last Week
-13.2%
1,477,836
Compared to previous week
Last Month
5.9%
6,378,824
Compared to previous month
Last Year
-29.8%
74,847,992
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
tiny glob
Tiny and extremely fast library to match files and folders using glob patterns.
"Globs" is the common name for a specific type of pattern used to match files and folders. It's the patterns you type when you do stuff like ls *.js in your shell or put src/* in a .gitignore file. When used to match filenames, it's sometimes called a "wildcard".
Install
npm install tiny-glob
Core Features
- ???? extremely fast: ~350% faster than node-glob and ~230% faster than fast-glob
- ???? powerful: supports advanced globbing patterns (
ExtGlob) - ???? tiny: only ~45 LOC with 2 small dependencies
- ???? friendly: simple and easy to use api
- ???? cross-platform: supports both unix and windows
Usage
1const glob = require('tiny-glob'); 2 3(async function(){ 4 let files = await glob('src/*/*.{js,md}'); 5 // => [ ... ] array of matching files 6})();
API
glob(str, options)
Type: function
Returns: Array
Return array of matching files and folders
This function is async and returns a promise.
str
Type: String
The glob pattern to match against.
OBS: Please only use forward-slashes in glob expressions. Even on windows
options.cwd
Type: String
Default: '.'
Change default working directory.
options.dot
Type: Boolean
Default: false
Allow patterns to match filenames or directories that begin with a period (.).
options.absolute
Type: Boolean
Default: false
Return matches as absolute paths.
options.filesOnly
Type: Boolean
Default: false
Skip directories and return matched files only.
options.flush
Type: Boolean
Default: false
Flush the internal cache object.
Windows
Though Windows may use /, \, or \\ as path separators, you can only use forward-slashes (/) when specifying glob expressions. Any back-slashes (\) will be interpreted as escape characters instead of path separators.
This is common across many glob-based modules; see node-glob for corroboration.
Benchmarks
glob x 13,405 ops/sec ±1.80% (85 runs sampled)
fast-glob x 25,745 ops/sec ±2.76% (59 runs sampled)
tiny-glob x 102,658 ops/sec ±0.79% (91 runs sampled)
Fastest is tiny-glob
┌───────────┬─────────────────────────┬─────────────┬────────────────┐
│ Name │ Mean time │ Ops/sec │ Diff │
├───────────┼─────────────────────────┼─────────────┼────────────────┤
│ glob │ 0.00007459990597268128 │ 13,404.843 │ N/A │
├───────────┼─────────────────────────┼─────────────┼────────────────┤
│ fast-glob │ 0.000038842529587611705 │ 25,744.976 │ 92.06% faster │
├───────────┼─────────────────────────┼─────────────┼────────────────┤
│ tiny-glob │ 0.00000974110141018254 │ 102,657.796 │ 298.75% faster │
└───────────┴─────────────────────────┴─────────────┴────────────────┘
Advanced Globbing
Learn more about advanced globbing
License
MIT © Terkel Gjervig
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 13/28 approved changesets -- score normalized to 4
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/terkelg/tiny-glob/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/terkelg/tiny-glob/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/terkelg/tiny-glob/ci.yml/master?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Score
3.3
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More