Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
com.ashampoo:kim-macosarm64
Advanced tools
Kotlin Multiplatform library for image metadata manipulation
Kim is a Kotlin Multiplatform library for reading and writing image metadata.
It's part of Ashampoo Photo Organizer.
eXIf
chunk & XMP
tEXt
/zTXt
chunkKim.update()
API to perform updates to the relevant places
The future development of features on our part is driven entirely by the needs of Ashampoo Photo Organizer, which, in turn, is driven by user community feedback.
implementation("com.ashampoo:kim:0.20.1")
For the targets wasmJs
& js
you also need to specify this:
implementation(npm("pako", "2.1.0"))
Kim.readMetadata()
takes kotlin.ByteArray
on all platforms and depending on
the platform also kotlinx.io.files.Path
, Ktor Source
& ByteReadChannel
,
java.io.File
, java.io.InputStream
, NSData
and String
paths.
val bytes: ByteArray = loadBytes()
val metadata = Kim.readMetadata(bytes)
/* ImageMetadata has a proper toString() similar to the output of ExifTool */
println(metadata)
val orientation = metadata.findShortValue(TiffTag.TIFF_TAG_ORIENTATION)
println("Orientation: $orientation")
val takenDate = metadata.findStringValue(ExifTag.EXIF_TAG_DATE_TIME_ORIGINAL)
println("Taken date: $takenDate")
This creates an instance of PhotoMetadata. It contains the following:
val bytes: ByteArray = loadBytes()
val photoMetadata = Kim.readMetadata(bytes).convertToPhotoMetadata()
val inputFile = File("myphoto.jpg")
val outputFile = File("myphoto_changed.jpg")
val metadata = Kim.readMetadata(inputFile)
val outputSet: TiffOutputSet = metadata.exif?.createOutputSet() ?: TiffOutputSet()
val rootDirectory = outputSet.getOrCreateRootDirectory()
rootDirectory.removeField(TiffTag.TIFF_TAG_ORIENTATION)
rootDirectory.add(TiffTag.TIFF_TAG_ORIENTATION, 8)
OutputStreamByteWriter(outputFile.outputStream()).use { outputStreamByteWriter ->
JpegRewriter.updateExifMetadataLossless(
byteReader = JvmInputStreamByteReader(inputFile.inputStream(), inputFile.length()),
byteWriter = outputStreamByteWriter,
outputSet = outputSet
)
}
See the example project for more details.
val bytes: ByteArray = loadBytes()
val newBytes = Kim.update(
bytes = bytes,
update = MetadataUpdate.Orientation(TiffOrientation.ROTATE_RIGHT)
)
See AbstractUpdaterTest for more samples.
val bytes: ByteArray = loadBytes()
val thumbnailBytes: ByteArray = loadThumbnailBytes()
val newBytes = Kim.updateThumbnail(
bytes = bytes,
thumbnailBytes = thumbnailBytes
)
See the Java example project how to use Kim in Java projects.
In the processing of HEIC and AVIF files, we handle them as standard ISOBMFF-based files, adhering rigorously to the EIC/ISO 14496-12 specification. To preempt potential legal issues, we intentionally omit certain boxes outlined in the HEIC specification, notably the image size ("ispe") and image rotation ("irot") boxes. This approach extends to AVIF images, as they repurpose the same boxes.
Contributions to Ashampoo Kim are welcome! If you encounter any issues, have suggestions for improvements, or would like to contribute new features, please feel free to submit a pull request.
This code is under the Apache License 2.0.
See the NOTICE.txt
file for required notices and attributions.
FAQs
Kotlin Multiplatform library for image metadata manipulation
We found that com.ashampoo:kim-macosarm64 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.