Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
By Sarah Gooding - Dec 03, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@hazae41/foras
Advanced tools
@hazae41/foras
WebAssembly port of Deflate, Gzip, and Zlib compression algorithms
Foras
WebAssembly port of Deflate, Gzip, and Zlib compression algorithms
npm i @hazae41/foras
Node Package 📦 • Deno Module 🦖 • Next.js CodeSandbox 🪣
Algorithms
- Deflate from flate2
- Gzip from flate2
- Zlib from flate2
Features
- Reproducible building
- Pre-bundled and streamed
- Zero-copy memory slices
Usage
Direct
import { Foras, deflate, inflate } from "@hazae41/foras";
// or { Foras, gzip, gunzip }
// or { Foras, zlib, unzlib }
// Wait for WASM to load
await Foras.initBundledOnce()
const bytes = new TextEncoder().encode("Hello world")
const compressed = deflate(bytes).copyAndDispose()
const decompressed = inflate(compressed).copyAndDispose()
Streaming
import { Foras, DeflateEncoder, DeflateDecoder } from "@hazae41/foras";
// or { Foras, GzEncoder, GzDecoder }
// or { Foras, ZlibEncoder, ZlibDecoder }
// Wait for WASM to load
await Foras.initBundledOnce()
const bytes = new TextEncoder().encode("Hello world")
const compresser = new DeflateEncoder()
compresser.write(bytes)
compresser.flush()
const compressed1 = compresser.read().copyAndDispose()
const compressed2 = compresser.finish().copyAndDispose()
compresser.free()
Building
Unreproducible building
You need to install Rust
Then, install wasm-pack
cargo install wasm-pack
Finally, do a clean install and build
npm ci && npm run build
Reproducible building
You can build the exact same bytecode using Docker, just be sure you're on a linux/amd64 host
docker compose up --build
Then check that all the files are the same using git status
git status --porcelain
If the output is empty then the bytecode is the same as the one I commited
Automated checks
Each time I commit to the repository, the GitHub's CI does the following:
- Clone the repository
- Reproduce the build using
docker compose up --build - Throw an error if the
git status --porcelainoutput is not empty
Each time I release a new version tag on GitHub, the GitHub's CI does the following:
- Clone the repository
- Do not reproduce the build, as it's already checked by the task above
- Throw an error if there is a
npm diffbetween the cloned repository and the same version tag on NPM
If a version is present on NPM but not on GitHub, do not use!
FAQs
WebAssembly port of Deflate, Gzip, and Zlib compression algorithms
The npm package @hazae41/foras receives a total of 353 weekly downloads. As such, @hazae41/foras popularity was classified as not popular.
We found that @hazae41/foras demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Oct 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024