Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@bufbuild/protobuf
Advanced tools
A complete implementation of Protocol Buffers in TypeScript, suitable for web browsers and Node.js.
@bufbuild/protobuf is an npm package that provides tools for working with Protocol Buffers (protobufs) in JavaScript and TypeScript. It allows you to define, serialize, and deserialize structured data efficiently.
Define Protobuf Messages
This feature allows you to define protobuf messages using JavaScript classes. The `@Field.d` decorator is used to specify the field number and type.
const { Message, Field } = require('@bufbuild/protobuf');
class Person extends Message {
@Field.d(1, 'string')
name = '';
@Field.d(2, 'int32')
age = 0;
}
const person = new Person({ name: 'John Doe', age: 30 });
console.log(person);
Serialize Protobuf Messages
This feature allows you to serialize a protobuf message into a binary format. The `encode` method is used to convert the message into a buffer.
const { Message, Field } = require('@bufbuild/protobuf');
class Person extends Message {
@Field.d(1, 'string')
name = '';
@Field.d(2, 'int32')
age = 0;
}
const person = new Person({ name: 'John Doe', age: 30 });
const buffer = Person.encode(person).finish();
console.log(buffer);
Deserialize Protobuf Messages
This feature allows you to deserialize a binary buffer back into a protobuf message. The `decode` method is used to convert the buffer back into a message object.
const { Message, Field } = require('@bufbuild/protobuf');
class Person extends Message {
@Field.d(1, 'string')
name = '';
@Field.d(2, 'int32')
age = 0;
}
const buffer = new Uint8Array([10, 8, 74, 111, 104, 110, 32, 68, 111, 101, 16, 30]);
const person = Person.decode(buffer);
console.log(person);
protobufjs is a popular library for working with Protocol Buffers in JavaScript. It provides similar functionalities to @bufbuild/protobuf, such as defining, serializing, and deserializing protobuf messages. However, protobufjs has been around longer and has a larger user base.
google-protobuf is the official Protocol Buffers library for JavaScript provided by Google. It offers core functionalities for working with protobufs, including message definition, serialization, and deserialization. Compared to @bufbuild/protobuf, google-protobuf is more closely aligned with Google's protobuf ecosystem.
This package provides the runtime library for the protoc-gen-es code generator plugin.
A complete implementation of Protocol Buffers in TypeScript, suitable for web browsers and Node.js, created by Buf.
Protobuf-ES is a solid, modern alternative to existing Protobuf implementations for the JavaScript ecosystem. It's the first project in this space to provide a comprehensive plugin framework and decouple the base types from RPC functionality.
Some additional features that set it apart from the others:
npm install @bufbuild/protobuf
To learn how to work with @bufbuild/protobuf
, check out the docs for the Runtime API
and the generated code.
Official documentation for the Protobuf-ES project can be found at github.com/bufbuild/protobuf-es.
For more information on Buf, check out the official Buf documentation.
A complete code example can be found in the Protobuf-ES repo here.
FAQs
A complete implementation of Protocol Buffers in TypeScript, suitable for web browsers and Node.js.
We found that @bufbuild/protobuf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.