Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@nsfw-filter/gif-frames
Advanced tools
Pure JavaScript tool for extracting GIF frames and saving to file
A pure JavaScript tool for extracting GIF frames and saving to file. Works in Node or the browser. Uses get-pixels and save-pixels under the hood.
npm install gif-frames
If you're not using npm, you can include one of these in your HTML file:
<!-- unminified -->
<script src="https://unpkg.com/gif-frames@1.0.1?main=bundled"></script>
<!-- minified -->
<script src="https://unpkg.com/gif-frames@1.0.1?main=bundled-min"></script>
This will expose gifFrames
as a global variable.
require('gif-frames')(options[, callback])
var gifFrames = require('gif-frames');
var fs = require('fs');
gifFrames({ url: 'image.gif', frames: 0 }).then(function (frameData) {
frameData[0].getImage().pipe(fs.createWriteStream('firstframe.jpg'));
});
url
(required): The pathname to the file, or an in-memory Bufferframes
(required): The set of frames to extract. Can be one of:
'all'
(gets every frame)Initializer
accepted by the multi-integer-range libraryoutputType
(optional, default 'jpg'
): Type to use for output (see type
for save-pixels
)quality
(optional): Jpeg quality (see quality
for save-pixels
)cumulative
(optional, default false
): Many animated GIFs will only contain partial image information in each frame after the first. Specifying cumulative
as true
will compute each frame by layering it on top of previous frames. Note: the cost of this computation is proportional to the size of the last requested frame index.The callback accepts the arguments (error, frameData)
.
A Promise
resolving to the frameData
array (if promises are supported in the running environment)
frameData
An array of objects of the form:
{
getImage,
frameIndex,
frameInfo
}
getImage()
Returns one of:
options.outputType
is 'canvas'
frameIndex
The index corresponding to the frame's position in the original GIF (not necessarily the same as the frame's position in the result array)
frameInfo
It is an Object with metadata of the frame. Fields:
Name | Type | Description |
---|---|---|
x | Integer | Image Left Position |
y | Integer | Image Top Position |
width | Integer | Image Width |
height | Integer | Image Height |
has_local_palette | Boolean | Image local palette presentation flag |
palette_offset | Integer | Image palette offset |
palette_size | Integer | Image palette size |
data_offset | Integer | Image data offset |
data_length | Integer | Image data length |
transparent_index | Integer | Transparent Color Index |
interlaced | Boolean | Interlace Flag |
delay | Integer | Delay Time (1/100ths of a second) |
disposal | Integer | Disposal method |
Writing selected frames to the file system in Node:
var gifFrames = require('gif-frames');
var fs = require('fs');
gifFrames(
{ url: 'image.gif', frames: '0-2,7', outputType: 'png', cumulative: true },
function (err, frameData) {
if (err) {
throw err;
}
frameData.forEach(function (frame) {
frame.getImage().pipe(fs.createWriteStream(
'image-' + frame.frameIndex + '.png'
));
});
}
);
Drawing first frame to canvas in browser (and using a Promise
):
var gifFrames = require('gif-frames');
gifFrames({ url: 'image.gif', frames: 0, outputType: 'canvas' })
.then(function (frameData) {
document.body.appendChild(frameData[0].getImage());
}).catch(console.error.bind(console));
FAQs
Pure JavaScript tool for extracting GIF frames and saving to file
We found that @nsfw-filter/gif-frames demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.