Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
com.ning:compress-lzf
Advanced tools
Compression codec for LZF encoding for particularly encoding/decoding, with reasonable compression. Compressor is basic Lempel-Ziv codec, without Huffman (deflate/gzip) or statistical post-encoding. See "http://oldhome.schmorp.de/marc/liblzf.html" for more on original LZF package.
LZF-compress is a Java library for encoding and decoding data in LZF format, written by Tatu Saloranta (tatu.saloranta@iki.fi)
Data format and algorithm based on original LZF library by Marc A Lehmann. See LZF Format Specification for full description.
Format differs slightly from some other adaptations, such as the one used
by H2 database project (by Thomas Mueller);
although internal block compression structure is the same, block identifiers differ.
This package uses the original LZF identifiers to be 100% compatible with existing command-line lzf
tool(s).
LZF algorithm itself is optimized for speed, with somewhat more modest compression.
Compared to the standard Deflate
(algorithm gzip uses) LZF can be 5-6 times as fast to compress,
and twice as fast to decompress. Compression rate is lower since no Huffman-encoding is used
after lempel-ziv substring elimination.
Versions up to 1.0.4 require JDK 6; versions from 1.1 on require JDK 8.
Library has no external dependencies.
See Wiki for more details; here's a "TL;DNR" version.
Both compression and decompression can be done either by streaming approach:
InputStream in = new LZFInputStream(new FileInputStream("data.lzf"));
OutputStream out = new LZFOutputStream(new FileOutputStream("results.lzf"));
InputStream compIn = new LZFCompressingInputStream(new FileInputStream("stuff.txt"));
or by block operation:
byte[] compressed = LZFEncoder.encode(uncompressedData);
byte[] uncompressed = LZFDecoder.decode(compressedData);
and you can even use the LZF jar as a command-line tool (it has manifest that points to 'com.ning.compress.lzf.LZF' as the class having main() method to call), like so:
java -jar compress-lzf-1.1.1.jar
(which will display necessary usage arguments for -c
(ompressing) or -d
(ecompressing) files.
<dependency>
<groupId>com.ning</groupId>
<artifactId>compress-lzf</artifactId>
<version>1.1.1</version>
</dependency>
Starting with version 1.1, module-info.class
is included; module name is com.ning.compress.lzf
so you will need to use:
requires com.ning.compress.lzf
Since the compression is more CPU-heavy than decompression, it could benefit from concurrent operation. This works well with LZF because of its block-oriented nature, so that although there is need for sequential processing within block (of up to 64kB), encoding of separate blocks can be done completely independently: there are no dependencies to earlier blocks.
The main abstraction to use is PLZFOutputStream
which a FilterOutputStream
and implements
java.nio.channels.WritableByteChannel
as well. It use is like that of any OutputStream
:
PLZFOutputStream output = new PLZFOutputStream(new FileOutputStream("stuff.lzf"));
// then write contents:
output.write(buffer);
// ...
output.close();
Besides Java support, LZF codecs / bindings exist for non-JVM languages as well:
Check out jvm-compress-benchmark for comparison of space- and time-efficiency of this LZF implementation, relative other available Java-accessible compression libraries.
LZF belongs to a family of compression codecs called "simple Lempel-Ziv" codecs.
Since LZ compression is also the first part of deflate
compression (which is used,
along with simple framing, for gzip
), it can be viewed as "first-part of gzip"
(second part being Huffman-encoding of compressed content).
There are many other codecs in this category, most notable (and competitive being)
all of which have very similar compression ratios (due to same underlying algorithm, differences coming from slight encoding variations, and efficiency differences in back-reference matching), and similar performance profiles regarding ratio of compression vs uncompression speeds.
FAQs
Compression codec for LZF encoding for particularly encoding/decoding, with reasonable compression. Compressor is basic Lempel-Ziv codec, without Huffman (deflate/gzip) or statistical post-encoding. See "http://oldhome.schmorp.de/marc/liblzf.html" for more on original LZF package.
We found that com.ning:compress-lzf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.