You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



Pure JavaScript Vcdiff decoder that works with binary deltas from Google's open-vcdiff

Version published
Weekly downloads
decreased by-2.36%
Weekly downloads



Vcdiff Decoder

Build Status npm version

A Vcdiff decoder written in pure JavaScript. Supports the Vcdiff format, as specified in RFC 3284.

Tested and proven with Vcdiff patch/delta files generated from Google's open-vcdiff and Joshua MacDonald's xdelta.

Installation from npm for Node.js

npm install @ably/vcdiff-decoder

and require as:

const vcdiffPlugin = require('@ably/vcdiff-decoder');

Script include for Web Browsers

Include the library in your HTML from our CDN:

<script src=""></script>

We follow Semantic Versioning. To lock into a major or minor version of the client library, you can specify a specific version number - for example:

  • for latest 1.* version
  • for latest v1.0.* version
  • for version 1.0.3 explicitly

You can load the non-minified version by omitting min- from the URL, for example

See tagged releases for available versions.


The following code sample shows how to use Vcdiff with Ably:

const Ably = require('ably');
const vcdiffPlugin = require('@ably/vcdiff-decoder');

const realtime = new Ably.Realtime({
    key: 'YOUR_ABLY_KEY',
    plugins: {
        vcdiff: vcdiffPlugin
    log: { level: 4 } // optional

const channel = realtime.channels.get('your-ably-channel', {
    params: {
        delta: 'vcdiff'

channel.subscribe(msg => console.log("Received message: ", msg));

Exported Functions

decode(delta, source)

Synchronous decode. Parameters:

  • delta: Uint8Array - the binary Vcdiff format encoding of the patch/diff information needed to transform source to the returned target
  • source: Uint8Array - the group of bytes to transform to the returned target using by applying delta

Returns a Uint8Array, the 'target', being the result of applying delta to source.




The vcdiff dev dependency of this project, used for testing, fails to build against Node.js 9 and newer. For this reason, until #3 has been addressed, the tests must be run against an environment with Node.js 8 installed.

At the time of writing this means:

vcdiff-decoder % node --version
vcdiff-decoder % npm --version

For those who use ASDF or compatible tooling to manage their Node.js runtime versions, we have included a .tool-versions file.


The version of node-gyp bundled with the above-mentioned version of NPM uses an API that was removed in Python 3.9, causing npm install to fail. So, you must use Python 3.8 or earlier.

For those who use ASDF or compatible tooling to manage their Python runtime versions, we have included a .tool-versions file.


You can trigger a build using Webpack with:

npm run grunt -- build

which creates vcdiff-decoder.js and vcdiff-decoder.min.js in the dist folder, and vcdiff-decoder.js in the build/cjs folder.


To run all tests use:

npm test

Browser testing supported by

for which you will need to configure environment variables for BROWSERSTACK_USERNAME and BROWSERSTACK_ACCESSKEY.

Release Procedure

On the main branch:

  1. Increment the version, regenerate from source (a.k.a. build / bundle) and make a tagged commit which includes the built output from the /dist and /build folders by running npm run grunt -- release:patch (or "major", "minor" or "prepatch" as appropriate - see grunt-bump Usage Examples)
  2. Release the tagged commit to Github using git push origin main --follow-tags
  3. Release to NPM using npm publish . --access public (this package is configured to require that 2FA is used by publishers)
  4. Release to Ably's CDN using npm run grunt -- publish-cdn (operable by Ably staff only)
  5. Visit tags and draft new release for the newly created tag



Package last updated on 27 Nov 2023

Did you know?


Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog


Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc