Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@jprochazk/cbor
Advanced tools
TypeScript implementation of the Concise Binary Object Representation RFC 7049. From the official website:
CBOR is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.
The API is self-explanatory:
// Initialize some data
const json = {
"key": "value",
"another key": [
1, 2, 3
],
"number": 3.141592653589793
"nulls are also encoded": null
};
const encoded = CBOR.encode(json); // ArrayBuffer
const decoded = CBOR.decode(encoded); // Object
// You can also encode into a pre-allocated buffer
const encoded = CBOR.encodeInto(new ArrayBuffer(4096), data);
The library is targeted for both Node and Browsers using NPM:
> npm install cbor@npm:jprochazk/cbor
This installs the library under the cbor
alias.
// as CommonJS
const CBOR = require("cbor");
// as an ES module
import CBOR from "cbor";
CBOR.encode(...);
CBOR.decode(...);
Or included in the page as a static script from the unkpg
CDN:
<script src="https://unpkg.com/@jprochazk/cbor@0.4.6"></script>
<script>
// after including the script in the page, the CBOR object is available globally
CBOR.encode(...);
CBOR.decode(...);
</script>
Benchmark is available here.
Browser | CBOR.decode | CBOR.encode | CBOR.encodeInto |
---|---|---|---|
Chrome | 5225 ops/s | 8998 ops/s | 9268 ops/s |
Firefox | 20454 ops/s | 22323 ops/s | 22900 ops/s |
Results are on a i5-8600k intel processor. Your mileage may vary. The JSON data used in the test is 2 KB decoded and 1.8 KB encoded. I specifically chose this data, because it encodes badly (lots of nested objects with only a single property). The benchmark suggests the library can encode/decode around 10 MB/s in Chrome and around 50 MB/s in Firefox. Hopefully, these are meaningful results.
There are a few things from the specification which are currently unimplemented:
If you need one or more of these features, submit an issue.
FAQs
Partial implementation of RFC 7049 (CBOR)
We found that @jprochazk/cbor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.