es-check

Alternative to glob

Open jimmywarting opened this issue 2 years ago • 2 comments

Requested Update

Ditch glob

Why Is This Update Needed?

  • Every (sub)dependency is a potential security risk: 78% of vulnerabilities are found in indirect dependencies
  • There is a built-in option to list files recursively.
  • And even without it, it could be very easy to implement an async iterator to do it
  • The native option is probably way faster
  • Reduce dependencies / size
  • These are all the things you include by using glob

image

Are There Examples Of This Requested Update Elsewhere?

import { readdir } from 'node:fs/promises'

const files = await readdir(path, { recursive: true })

for (const file of files)
  console.log(file)

Since it's relatively new, an own approach to this would be to just do:

import { opendir } from 'node:fs/promises'
import { join } from 'node:path'

/** @param {string} path */
async function* readdir(path) {
  const dir = await opendir(path)
  for await (const dirent of dir) {
    const name = join(path, dirent.name)
    if (dirent.isDirectory()) {
      // Recurse into subdirectories
      yield* readdir(name)
    } else {
      yield name
    }
  }
}

// readdir() is an async generator, so consume it with for await
for await (const file of readdir(path))
  console.log(file)

This solution is probably way faster than any gulp alternative, and to provide a more fine-grained filter, create some default filter generator:

async function * match (iterable) {
  for await (const file of iterable)
    // Keep only .js files whose path does not contain 'node_module'
    if (!file.includes('node_module') && file.endsWith('.js')) yield file
}

for await (const file of match( readdir(path) )) {
  esCheck(file)
}

It does not really need to be any fancy glob syntax.


jimmywarting avatar May 21 '23 13:05 jimmywarting
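A dependency-free take on the walker and filter proposed in the issue above, as an added example that is not from the issue author or the es-check code base: it prunes `node_modules` by exact directory name rather than by substring, and it never follows symbolic links. The names `walk`, `selectFiles` and `SKIP_DIRS` are assumptions; modules are loaded with dynamic `import()` so the snippet runs in both ES module and CommonJS files.

```javascript
// Added example: file discovery for a linter-style CLI with no third-party
// dependencies. walk, selectFiles and SKIP_DIRS are hypothetical names.
const SKIP_DIRS = new Set(['node_modules', '.git'])

/**
 * Recursively yield regular files under `root`.
 * Symbolic links are never followed, so a link cannot create a cycle or
 * lead the walk outside `root`.
 * @param {string} root
 */
async function* walk(root) {
  const { opendir } = await import('node:fs/promises')
  const { join } = await import('node:path')
  for await (const dirent of await opendir(root)) {
    const full = join(root, dirent.name)
    if (dirent.isSymbolicLink()) continue
    if (dirent.isDirectory()) {
      // Prune by exact directory name: the subtree is never opened, and a
      // file such as node_module_report.js is not excluded by accident.
      if (!SKIP_DIRS.has(dirent.name)) yield* walk(full)
    } else if (dirent.isFile()) {
      yield full
    }
  }
}

/**
 * Collect files whose extension is listed in `exts`, sorted so the result
 * does not depend on directory iteration order.
 * @param {string} root
 * @param {string[]} exts
 */
async function selectFiles(root, exts = ['.js']) {
  const { extname } = await import('node:path')
  const out = []
  for await (const file of walk(root)) {
    if (exts.includes(extname(file))) out.push(file)
  }
  return out.sort()
}
```
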

@jimmywarting sorry it took me so long to see this! I'm on it asap!

yowainwright avatar Jul 20 '23 04:07 yowainwright

@jimmywarting I dug into this a bit last night using your suggestions and trying to hack something up quick myself. This seems like a fun improvement (and good for security) but a higher effort task to do safely regarding the product.

It may be a lower LOE to switch to tiny-glob which only depends on modules the author wrote. If you wanna do this work (?) or have recommendations, I'm all ears. 😃

yowainwright avatar Jul 25 '23 16:07 yowainwright