Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@ably/vcdiff-decoder
Advanced tools
Pure JavaScript Vcdiff decoder that works with binary deltas from Google's open-vcdiff
A Vcdiff decoder written in pure JavaScript. Supports the Vcdiff format, as specified in RFC 3284.
Tested and proven with Vcdiff patch/delta files generated from Google's open-vcdiff and Joshua MacDonald's xdelta.
npm install @ably/vcdiff-decoder
and require as:
const vcdiffPlugin = require('@ably/vcdiff-decoder');
Include the library in your HTML from our CDN:
<script src="https://cdn.ably.io/lib/vcdiff-decoder.min-1.js"></script>
We follow Semantic Versioning. To lock into a major or minor version of the client library, you can specify a specific version number - for example:
https://cdn.ably.io/lib/vcdiff-decoder.min-1.js
for latest 1.*
versionhttps://cdn.ably.io/lib/vcdiff-decoder.min-1.0.js
for latest v1.0.*
versionhttps://cdn.ably.io/lib/vcdiff-decoder.min-1.0.3.js
for version 1.0.3
explicitlyYou can load the non-minified version by omitting min-
from the URL, for example https://cdn.ably.io/lib/vcdiff-decoder-1.js
.
See tagged releases for available versions.
The following code sample shows how to use Vcdiff with Ably:
const Ably = require('ably');
const vcdiffPlugin = require('@ably/vcdiff-decoder');
const realtime = new Ably.Realtime({
key: 'YOUR_ABLY_KEY',
plugins: {
vcdiff: vcdiffPlugin
},
log: { level: 4 } // optional
});
const channel = realtime.channels.get('your-ably-channel', {
params: {
delta: 'vcdiff'
}
});
channel.subscribe(msg => console.log("Received message: ", msg));
decode(delta, source)
Synchronous decode. Parameters:
delta
: Uint8Array
- the binary Vcdiff format encoding of the patch/diff information needed to transform source
to the returned targetsource
: Uint8Array
- the group of bytes to transform to the returned target using by applying delta
Returns a Uint8Array
, the 'target', being the result of applying delta
to source
.
The vcdiff
dev dependency of this project, used for testing, fails to build against Node.js 9 and newer.
For this reason, until #3 has been addressed, the tests must be run against an environment with Node.js 8 installed.
At the time of writing this means:
vcdiff-decoder % node --version
v8.17.0
vcdiff-decoder % npm --version
6.13.4
For those who use
ASDF
or compatible tooling to manage their Node.js runtime versions, we have included a
.tool-versions
file.
The version of node-gyp
bundled with the above-mentioned version of NPM uses an API that was removed in Python 3.9, causing npm install
to fail. So, you must use Python 3.8 or earlier.
For those who use
ASDF
or compatible tooling to manage their Python runtime versions, we have included a
.tool-versions
file.
You can trigger a build using Webpack with:
npm run grunt -- build
which creates vcdiff-decoder.js
and vcdiff-decoder.min.js
in the dist
folder, and vcdiff-decoder.js
in the build/cjs
folder.
To run all tests use:
npm test
Browser testing supported by
for which you will need to configure environment variables for BROWSERSTACK_USERNAME
and BROWSERSTACK_ACCESSKEY
.
On the main
branch:
/dist
and /build
folders by running npm run grunt -- release:patch
(or "major", "minor" or "prepatch" as appropriate - see grunt-bump Usage Examples)git push origin main --follow-tags
npm publish . --access public
(this package is configured to require that 2FA is used by publishers)npm run grunt -- publish-cdn
(operable by Ably staff only)FAQs
Pure JavaScript Vcdiff decoder that works with binary deltas from Google's open-vcdiff
The npm package @ably/vcdiff-decoder receives a total of 520 weekly downloads. As such, @ably/vcdiff-decoder popularity was classified as not popular.
We found that @ably/vcdiff-decoder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.