Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
@ably/vcdiff-decoder
Advanced tools
Readme
A Vcdiff decoder written in pure JavaScript. Supports the Vcdiff format, as specified in RFC 3284.
Tested and proven with Vcdiff patch/delta files generated from Google's open-vcdiff and Joshua MacDonald's xdelta.
npm install @ably/vcdiff-decoder
and require as:
const vcdiffPlugin = require('@ably/vcdiff-decoder');
Include the library in your HTML from our CDN:
<script src="https://cdn.ably.io/lib/vcdiff-decoder.min-1.js"></script>
We follow Semantic Versioning. To lock into a major or minor version of the client library, you can specify a specific version number - for example:
https://cdn.ably.io/lib/vcdiff-decoder.min-1.js
for latest 1.*
versionhttps://cdn.ably.io/lib/vcdiff-decoder.min-1.0.js
for latest v1.0.*
versionhttps://cdn.ably.io/lib/vcdiff-decoder.min-1.0.3.js
for version 1.0.3
explicitlyYou can load the non-minified version by omitting min-
from the URL, for example https://cdn.ably.io/lib/vcdiff-decoder-1.js
.
See tagged releases for available versions.
The following code sample shows how to use Vcdiff with Ably:
const Ably = require('ably');
const vcdiffPlugin = require('@ably/vcdiff-decoder');
const realtime = new Ably.Realtime({
key: 'YOUR_ABLY_KEY',
plugins: {
vcdiff: vcdiffPlugin
},
log: { level: 4 } // optional
});
const channel = realtime.channels.get('your-ably-channel', {
params: {
delta: 'vcdiff'
}
});
channel.subscribe(msg => console.log("Received message: ", msg));
decode(delta, source)
Synchronous decode. Parameters:
delta
: Uint8Array
- the binary Vcdiff format encoding of the patch/diff information needed to transform source
to the returned targetsource
: Uint8Array
- the group of bytes to transform to the returned target using by applying delta
Returns a Uint8Array
, the 'target', being the result of applying delta
to source
.
The vcdiff
dev dependency of this project, used for testing, fails to build against Node.js 9 and newer.
For this reason, until #3 has been addressed, the tests must be run against an environment with Node.js 8 installed.
At the time of writing this means:
vcdiff-decoder % node --version
v8.17.0
vcdiff-decoder % npm --version
6.13.4
For those who use
ASDF
or compatible tooling to manage their Node.js runtime versions, we have included a
.tool-versions
file.
You can trigger a build using Webpack with:
npm run grunt -- build
which creates vcdiff-decoder.js
and vcdiff-decoder.min.js
in the dist
folder.
To run all tests use:
npm test
Browser testing supported by
for which you will need to configure environment variables for BROWSERSTACK_USERNAME
and BROWSERSTACK_ACCESSKEY
.
On the main
branch:
/dist
folder by running npm run grunt -- release:patch
(or "major", "minor" or "prepatch" as appropriate - see grunt-bump Usage Examples)git push origin main --follow-tags
npm publish . --access public
(this package is configured to require that 2FA is used by publishers)npm run grunt -- publish-cdn
(operable by Ably staff only)FAQs
Pure JavaScript Vcdiff decoder that works with binary deltas from Google's open-vcdiff
The npm package @ably/vcdiff-decoder receives a total of 1,153 weekly downloads. As such, @ably/vcdiff-decoder popularity was classified as popular.
We found that @ably/vcdiff-decoder demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.