Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@elastic/filesaver
Advanced tools
FileSaver.js implements the HTML5 W3C saveAs()
FileSaver interface in browsers that do
not natively support it. There is a FileSaver.js demo that demonstrates saving
various media types.
FileSaver.js is the solution to saving files on the client-side, and is perfect for webapps that need to generate files, or for saving sensitive information that shouldn't be sent to an external server.
Looking for canvas.toBlob()
for saving canvases? Check out
canvas-toBlob.js for a cross-browser implementation.
Browser | Constructs as | Filenames | Max Blob Size | Dependencies |
---|---|---|---|---|
Firefox 20+ | Blob | Yes | 800 MiB | None |
Firefox < 20 | data: URI | No | n/a | Blob.js |
Chrome | Blob | Yes | 500 MiB | None |
Chrome for Android | Blob | Yes | 500 MiB | None |
IE 10+ | Blob | Yes | 600 MiB | None |
Opera 15+ | Blob | Yes | 500 MiB | None |
Opera < 15 | data: URI | No | n/a | Blob.js |
Safari 6.1+* | Blob | No | ? | None |
Safari < 6 | data: URI | No | n/a | Blob.js |
Feature detection is possible:
try {
var isFileSaverSupported = !!new Blob;
} catch (e) {}
It is possible to save text files in IE < 10 without Flash-based polyfills.
See ChenWenBrian and koffsyrup's saveTextAs()
for more details.
Blobs may be opened instead of saved sometimes—you may have to direct your Safari users to manually
press ⌘+S to save the file after it is opened. Using the application/octet-stream
MIME type to force downloads can cause issues in Safari.
saveAs must be run within a user interaction event such as onTouchDown or onClick; setTimeout will prevent saveAs from triggering. Due to restrictions in iOS saveAs opens in a new window instead of downloading, if you want this fixed please tell Apple how this bug is affecting you.
FileSaver saveAs(in Blob data, in DOMString filename)
var blob = new Blob(["Hello, world!"], {type: "text/plain;charset=utf-8"});
saveAs(blob, "hello world.txt");
The standard W3C File API Blob
interface is not available in all browsers.
Blob.js is a cross-browser Blob
implementation that solves this.
var canvas = document.getElementById("my-canvas"), ctx = canvas.getContext("2d");
// draw to canvas...
canvas.toBlob(function(blob) {
saveAs(blob, "pretty image.png");
});
Note: The standard HTML5 canvas.toBlob()
method is not available in all browsers.
canvas-toBlob.js is a cross-browser canvas.toBlob()
that polyfills this.
The FileSaver.js
distribution file is compiled with Uglify.js like so:
uglifyjs FileSaver.js --comments /@source/ > FileSaver.min.js
Please make sure you build a production version before submitting a pull request.
Please see the this repo for a bower-compatible fork of FileSaver.js, available under the package name file-saver.js
.
FAQs
https://github.com/eligrey/FileSaver.js
We found that @elastic/filesaver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.