@albanm/cfb
Advanced tools
Pure JS implementation of various container file formats, including ZIP and CFB.
In the browser:
<script src="dist/cfb.min.js" type="text/javascript"></script>
With npm:
$ npm install cfb
The xlscfb.js file is designed to be embedded in js-xlsx
In node:
var CFB = require('cfb');
For example, to get the Workbook content from an Excel 2003 XLS file:
var cfb = CFB.read(filename, {type: 'file'});
var workbook = CFB.find(cfb, 'Workbook');
var data = workbook.content;
It is preferable to install the library globally with npm:
$ npm install -g cfb
The global installation adds a command cfb which can work with files:
cfb file [names...] extracts the contents of the file. If additional names
are supplied, only the listed files will be extracted.
cfb -l file lists the contained files (following unzip -l "short format")
cfb -r file attempts to repair by reading and re-writing the file.
This fixes some issues with files generated by non-standard tools.
cfb -c file [files...] creates a new file containing the listed files.
The default root entry name is Root Entry.
cfb -a file [files...] adds the listed files to the original file.
cfb -d file [files...] deletes the listed files from the original file.
TypeScript definitions are maintained in types/index.d.ts.
The CFB object exposes the following methods and properties:
CFB.parse(blob) takes a nodejs Buffer or an array of bytes and returns an
parsed representation of the data.
CFB.read(blob, opts) wraps parse.
CFB.find(cfb, path) performs a case-insensitive match for the path (or file
name, if there are no slashes) and returns an entry object or null if not found.
CFB.write(cfb, opts) generates a file based on the container.
CFB.writeFile(cfb, filename, opts) creates a file with the specified name.
CFB.read takes an options argument. opts.type controls the behavior:
type | expected input |
|---|---|
"base64" | string: Base64 encoding of the file |
"binary" | string: binary string (byte n is data.charCodeAt(n)) |
"file" | string: path of file that will be read (nodejs only) |
| (default) | buffer or array of 8-bit unsigned int (byte n is data[n]) |
CFB.write and CFB.writeFile take options argument.
opts.type controls the behavior:
type | output |
|---|---|
"base64" | string: Base64 encoding of the file |
"binary" | string: binary string (byte n is data.charCodeAt(n)) |
"file" | string: path of file that will be created (nodejs only) |
| (default) | buffer if available, array of 8-bit unsigned int otherwise |
opts.fileType controls the output file type:
fileType | output |
|---|---|
'cfb' (default) | CFB container |
'zip' | ZIP file |
opts.compression enables DEFLATE compression for ZIP file type.
The utility functions are available in the CFB.utils object. Functions that
accept a name argument strictly deal with absolute file names:
.cfb_new(?opts) creates a new container object..cfb_add(cfb, name, ?content, ?opts) adds a new file to the cfb.
Set the option {unsafe:true} to skip existence checks (for bulk additions).cfb_del(cfb, name) deletes the specified file.cfb_mov(cfb, old_name, new_name) moves the old file to new path and name.use_zlib(require("zlib")) loads a nodejs zlib instance.By default, the library uses a pure JS inflate/deflate implementation. NodeJS
zlib.InflateRaw exposes the number of bytes read in versions after 8.11.0.
If a supplied zlib does not support the required features, a warning will be
displayed in the console and the pure JS fallback will be used.
The objects returned by parse and read have the following properties:
.FullPaths is an array of the names of all of the streams (files) and
storages (directories) in the container. The paths are properly prefixed from
the root entry (so the entries are unique)
.FileIndex is an array, in the same order as .FullPaths, whose values are
objects following the schema:
interface CFBEntry {
name: string; /** Case-sensitive internal name */
type: number; /** 1 = dir, 2 = file, 5 = root ; see [MS-CFB] 2.6.1 */
content: Buffer | number[] | Uint8Array; /** Raw Content */
ct?: Date; /** Creation Time */
mt?: Date; /** Modification Time */
}
Please consult the attached LICENSE file for details. All rights not explicitly granted by the Apache 2.0 License are reserved by the Original Author.
APPNOTE.TXT: https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.4.TXTFAQs
Compound File Binary File Format extractor
We found that @albanm/cfb demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.