Gathering detailed insights and metrics for write-file-atomic
Gathering detailed insights and metrics for write-file-atomic
Write files in an atomic fashion w/configurable ownership
Installations
npm install write-file-atomicDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
^18.17.0 || >=20.5.0
Node Version
22.9.0
NPM Version
10.8.3
Score
99.6
Supply Chain
96.6
Quality
82.9
Maintenance
100
Vulnerability
100
License
Releases
8
Languages
1
JavaScript
JavaScript (100%)
Developer
npm
Download Statistics
Total Downloads
10,388,884,018
Last Day
3,183,996
Last Week
58,753,830
Last Month
255,207,838
Last Year
2,688,625,262
GitHub Statistics
ISC License
236 Stars
195 Commits
47 Forks
17 Watchers
2 Branches
89 Contributors
Updated on Apr 28, 2025
Bundle Size
4.33 kB
Minified
1.72 kB
Minified + Gzipped
Maintainers
6
Package Meta Information
Latest Version
6.0.0
Package Id
write-file-atomic@6.0.0
Unpacked Size
11.92 kB
Size
4.34 kB
File Count
4
NPM Version
10.8.3
Node Version
22.9.0
Published on
Sep 25, 2024
Total Downloads
Cumulative downloads
Total Downloads
10,388,884,018
Last Day
-10.8%
3,183,996
Compared to previous day
Last Week
-8.5%
58,753,830
Compared to previous week
Last Month
4.6%
255,207,838
Compared to previous month
Last Year
15.6%
2,688,625,262
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
3
write-file-atomic
This is an extension for node's fs.writeFile that makes its operation
atomic and allows you set ownership (uid/gid of the file).
writeFileAtomic(filename, data, [options], [callback])
Description:
Atomically and asynchronously writes data to a file, replacing the file if it already exists. data can be a string or a buffer.
Options:
- filename String
- data String | Buffer
- options Object | String
- chown Object default, uid & gid of existing file, if any
- uid Number
- gid Number
- encoding String | Null default = 'utf8'
- fsync Boolean default = true
- mode Number default, from existing file, if any
- tmpfileCreated Function called when the tmpfile is created
- chown Object default, uid & gid of existing file, if any
- callback Function
Usage:
1var writeFileAtomic = require('write-file-atomic') 2writeFileAtomic(filename, data, [options], [callback])
The file is initially named filename + "." + murmurhex(__filename, process.pid, ++invocations).
Note that require('worker_threads').threadId is used in addition to process.pid if running inside of a worker thread.
If writeFile completes successfully then, if passed the chown option it will change
the ownership of the file. Finally it renames the file back to the filename you specified. If
it encounters errors at any of these steps it will attempt to unlink the temporary file and then
pass the error back to the caller.
If multiple writes are concurrently issued to the same file, the write operations are put into a queue and serialized in the order they were called, using Promises. Writes to different files are still executed in parallel.
If provided, the chown option requires both uid and gid properties or else
you'll get an error. If chown is not specified it will default to using
the owner of the previous file. To prevent chown from being ran you can
also pass false, in which case the file will be created with the current user's credentials.
If mode is not specified, it will default to using the permissions from
an existing file, if any. Expicitly setting this to false remove this default, resulting
in a file created with the system default permissions.
If options is a String, it's assumed to be the encoding option. The encoding option is ignored if data is a buffer. It defaults to 'utf8'.
If the fsync option is false, writeFile will skip the final fsync call.
If the tmpfileCreated option is specified it will be called with the name of the tmpfile when created.
Example:
1writeFileAtomic('message.txt', 'Hello Node', {chown:{uid:100,gid:50}}, function (err) { 2 if (err) throw err; 3 console.log('It\'s saved!'); 4});
This function also supports async/await:
1(async () => { 2 try { 3 await writeFileAtomic('message.txt', 'Hello Node', {chown:{uid:100,gid:50}}); 4 console.log('It\'s saved!'); 5 } catch (err) { 6 console.error(err); 7 process.exit(1); 8 } 9})();
writeFileAtomicSync(filename, data, [options])
Description:
The synchronous version of writeFileAtomic.
Usage:
1var writeFileAtomicSync = require('write-file-atomic').sync 2writeFileAtomicSync(filename, data, [options])
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
all changesets reviewed
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.md:0
Reason
0 existing vulnerabilities detected
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 12 commits out of 30 are checked with a SAST tool
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/audit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/audit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/post-dependabot.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/post-dependabot.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/post-dependabot.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/pull-request.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/pull-request.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release-integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release-integration.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/write-file-atomic/release.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:41
- Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:62
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:45
- Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
- Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:45
- Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:56
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:50
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:130
- Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 12 third-party GitHubAction dependencies pinned
- Info: 0 out of 8 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:25
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:24
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:247
- Info: topLevel 'contents' permission set to 'read': .github/workflows/audit.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-release.yml:22
- Warn: topLevel 'checks' permission set to 'write': .github/workflows/ci-release.yml:23
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:17
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/post-dependabot.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pull-request.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-integration.yml:23
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:11
- Warn: topLevel 'checks' permission set to 'write': .github/workflows/release.yml:13
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.2
/10
Last Scanned on 2025-06-09
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More