Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@ludovicm67/mp4-tools
Advanced tools
npm install @ludovicm67/mp4-tools
The following is exposed:
Buffer
: Buffer that works on both Node.js and browsersutils.blobToArrayBuffer
: a function to convert a Blob to an ArrayBufferfix
: the function to use to fix a chunk by using the previous oneMP4 files are structured into several different box types, each serving a specific purpose:
ftyp
(File Type Box): The first box in the file, declaring file type, compatibility, and specifications.moov
(Movie Box): Contains all metadata about the video, like tracks, duration, etc. It includes sub-boxes:
mvhd
(Movie Header Box): Global information about the movie.trak
(Track Box): A container for a single track (audio, video, etc.), with sub-boxes like tkhd
(Track Header) and mdia
(Media).moof
(Movie Fragment Box): Contains all metadata about a single fragment of the movie, with sub-boxes like mfhd
(Movie Fragment Header) and traf
(Track Fragment).mdat
(Media Data Box): Contains the actual media data, such as video frames and audio samples.The cli
folder contains a command line tool that can be used to fix or merge chunks.
Have a look at the README of the CLI for more information.
FAQs
MP4 tools
The npm package @ludovicm67/mp4-tools receives a total of 4 weekly downloads. As such, @ludovicm67/mp4-tools popularity was classified as not popular.
We found that @ludovicm67/mp4-tools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.