Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@ffmpeg.wasm/main
Advanced tools
Thanks to Jerome Wu for creating the very cool package ffmpegwasm!
However, because this package hasn't been updated in a long time, a lot of features are on hold and it's not compatible with node18 and above (because the emsdk version is too old). So I decided to maintain a fork, fix the problems and continue development iterations.
Update: Jerome Wu updated ffmpegwasm, but dropped nodejs support because "If you are not in browser, there are a lot of better choices than using WebAssembly for a better performance ". However, I don't entirely agree with this. WebAssembly gives us the possibility of run programs at high performance in both native and browser environments with the same code. The convenience and portability it brings is unmatched by any other solution, and the current performance issues will hopefully be resolved in the foreseeable future. So I decide to keep maintaining this project.
Feel free to create issues or pull requests ヾ(≧▽≦*)o
See the Todos section for more plans
@ffmpeg/ffmpeg
=> @ffmpeg.wasm/main
@ffmpeg/core
& @ffmpeg/core-mt
=> @ffmpeg.wasm/core-mt
@ffmpeg/core-st
=> @ffmpeg.wasm/core-st
^0.12.0
vitest
libsvtav1
instead of libaom
(currently disabled because it is too slow)ffmpeg.wasm is a pure Webassembly port of FFmpeg. It enables video & audio record, convert and stream right inside browsers.
Node
$ npm install @ffmpeg.wasm/main @ffmpeg.wasm/core-mt
Browser
Or, using a script tag in the browser (only works in some browsers, see list below):
Only browsers with
SharedArrayBuffer
support can use multi-thread core(@ffmpeg.wasm/core-mt
), you can check HERE for the complete list.
SharedArrayBuffer is only available to pages that are cross-origin isolated. You need to send headers
Cross-Origin-Embedder-Policy: require-corp
andCross-Origin-Opener-Policy: same-origin
for your site, and make sure your static resource server(or public CDN) contains the headerCross-Origin-Resource-Policy: cross-origin
(e.g. JSdelivr, not Unpkg)
<script src="https://cdn.jsdelivr.net/npm/@ffmpeg.wasm/main/dist/index.global.js"></script>
<script>
const ffmpeg = FFmpeg.create({
/* ... */
});
</script>
ffmpeg.wasm
provides simple to use APIs, to transcode a video you only need few lines of code:
import { readFile, writeFile } from "fs/promises";
import { FFmpeg } from "@ffmpeg.wasm/main";
const ffmpeg = await FFmpeg.create({ core: "@ffmpeg.wasm/core-mt" });
ffmpeg.fs.writeFile("test.avi", await readFile("./test.avi"));
await ffmpeg.run("-i", "test.avi", "test.mp4");
await writeFile("./test.mp4", ffmpeg.fs.readFile("test.mp4"));
process.exit(0);
For each version of ffmpeg.wasm, there is a default version of @ffmpeg.wasm/core-mt
(you can find it in devDependencies
section of package.json), but sometimes you may need to use newer version of @ffmpeg.wasm/core-mt
to use the latest/experimental features.
Warning: before reaching v1.0.0, there may be incompatibilities between each minor version of the core, see the migration guide for more details!
Just install the specific version you need:
$ npm install @ffmpeg.wasm/core-mt@$version
Or use your own version with customized path
const ffmpeg = await FFmpeg.create({
core: "path/to/your/ffmpeg.wasm/core.js",
});
const ffmpeg = await FFmpeg.create({
core: "https://cdn.jsdelivr.net/npm/@ffmpeg.wasm@$version/core-mt/dist/core.min.js",
});
const ffmpeg = await FFmpeg.create({
core: "@ffmpeg.wasm/core-st",
});
Multi-threading need to be configured per external libraries, only following libraries supports it now:
Run it multi-threading mode by default, no need to pass any arguments.
Need to pass -row-mt 1
, but can only use one thread to help, can speed up around 30%
There are two components inside ffmpeg.wasm:
@ffmpeg.wasm/core-mt contains WebAssembly code which is transpiled from original FFmpeg C code with minor modifications, but overall it still following the same licenses as FFmpeg and its external libraries (as each external libraries might have its own license).
@ffmpeg.wasm/main contains kind of a wrapper to handle the complexity of loading core and calling low-level APIs. It is a small code base and under MIT license.
1 GB, which is a hard limit in WebAssembly. Might become 4 GB in the future.
FAQs
WebAssembly version of FFmpeg
The npm package @ffmpeg.wasm/main receives a total of 1,777 weekly downloads. As such, @ffmpeg.wasm/main popularity was classified as popular.
We found that @ffmpeg.wasm/main demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.