openclaw

openclaw / fs-safe

Public

Race-resistant root-bounded filesystem primitives for Node.js.

fs-safe.io file-access safe typescript
10
1
100% credibility
Found May 07, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
TypeScript
AI Summary

A library for Node.js apps to safely read, write, and extract files within a trusted folder, blocking path tricks and races.

How It Works

1
📁 Pick your safe folder

You choose a trusted folder on your computer where all your files will live securely.

2
🔗 Connect the helper

The app links to your folder so it can only touch files inside it, keeping everything safe.

3
📤 Add files or zip files

You upload notes, pictures, or zip archives, and the app handles them carefully.

4
🛡️ Safe extraction magic

The app unpacks zips or tars perfectly inside your folder without any sneaky escapes or risks.

5
📝 Read and edit freely

Now you can read, write, or update files like notes and configs, all locked safe.

Everything stays secure

Your folder has all your organized files, protected from accidents or tricks!

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is fs-safe?

fs-safe delivers race-resistant, root-bounded filesystem primitives for Node.js in TypeScript. Give it a trusted directory path, and it returns a handle for safe reads, writes, JSON ops, archive extraction, and temps on untrusted relative inputs—blocking escapes via .. traversal, symlink swaps, hardlinks, or TOCTOU races between check and use. It's like Go's os.Root or Rust's cap-std, but tailored for Node apps handling user paths securely.

Why is it gaining traction?

Node devs ditch fragile path.resolve() checks and scattered tools like write-file-atomic for fs-safe's unified root handle with built-in symlink/hardlink blocks, atomic replacements, secure archive unpack (ZIP/TAR), JSON stores, and secret files. The ergonomic API shines for fs safety meaning real protection without boilerplate, plus optional Python helper for POSIX fd-relative hardening.

Who should use this?

Node.js backend engineers securing upload handlers, plugin loaders, or CLIs against path tricks from untrusted inputs—like fs safety specialists in multi-tenant servers or geo safe play setups. Perfect for filesystem ops in agents, tools, or services where root-bounded access prevents escapes without full sandboxing.

Verdict

Grab it for production if you need safe Node.js fs primitives now—docs at fs-safe.io are thorough, tests hit 85%+ lines—but with 10 stars and 1.0% credibility score, it's early; monitor for ecosystem adoption before core deps.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.