
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@office-open/pptx
Advanced tools
Generate, parse, and patch .pptx presentations with a declarative TypeScript API
Generate and parse .pptx presentations with a declarative TypeScript API. Works in Node.js and browsers.
parsePresentation for round-trip workflows# pnpm
pnpm add @office-open/pptx
# npm
npm install @office-open/pptx
# yarn
yarn add @office-open/pptx
# bun
bun add @office-open/pptx
import { generatePresentation } from "@office-open/pptx";
import { writeFileSync } from "node:fs";
const buffer = await generatePresentation({
slides: [
{
children: [
{
shape: {
textBody: {
children: [{ paragraph: { children: ["Hello World"] } }],
},
fill: "4472C4",
x: 100,
y: 100,
width: 600,
height: 400,
},
},
],
},
],
});
writeFileSync("presentation.pptx", buffer);
Read existing .pptx files and re-create them as PresentationOptions:
import { parsePresentation, generatePresentation } from "@office-open/pptx";
import { readFileSync, writeFileSync } from "node:fs";
const opts = parsePresentation(new Uint8Array(readFileSync("input.pptx")));
// Modify parsed data, then re-generate
const buffer = await generatePresentation(opts);
writeFileSync("output.pptx", buffer);
Performance vs PptxGenJS (higher ops/s is better, Windows 11 / Node 24).
Default = XML DEFLATE level 1 (SuperFast); media is split by type, matching MS Office PowerPoint — already-compressed formats (PNG/JPEG/GIF) are STOREd, the rest (EMF/WMF/BMP/TIFF/…) use DEFLATE level 1 (verified on a real MS Office file). All STORE = no compression ({ compression: { xml: 0, media: 0 } }). PptxGenJS (async only) defaults to STORE (via JSZip), supports DEFLATE via compression: true (applies to ALL entries including images).
// Default (matches MS Office)
await generatePresentation(options);
// All STORE (no compression)
await generatePresentation(options, { compression: { xml: 0, media: 0 } });
Create + toBuffer (end-to-end)
| Scenario | Default sync | Default async | All STORE sync | All STORE async | PptxGenJS DEFLATE | PptxGenJS STORE |
|---|---|---|---|---|---|---|
| Simple (2 shapes) | 1,391 ops/s | 693 ops/s | 4,055 ops/s | 4,148 ops/s | 182 ops/s | 187 ops/s |
| Styled shapes (20) | 1,302 ops/s | 661 ops/s | 4,387 ops/s | 4,030 ops/s | 188 ops/s | 183 ops/s |
| Table (10x5) | 1,694 ops/s | 802 ops/s | 7,787 ops/s | 7,891 ops/s | 857 ops/s | 937 ops/s |
| Full featured | 1,155 ops/s | 627 ops/s | 2,873 ops/s | 2,821 ops/s | 97 ops/s | 98 ops/s |
Large Files — Create + toBuffer
| Scenario | Default sync | Default async | All STORE sync | All STORE async | PptxGenJS DEFLATE | PptxGenJS STORE |
|---|---|---|---|---|---|---|
| 30 slides x 20 shapes | 271 ops/s | 144 ops/s | 571 ops/s | 577 ops/s | 119 ops/s | 120 ops/s |
| 30 slides x 10 images | 130 ops/s | 87.4 ops/s | 173 ops/s | 168 ops/s | 0.32 ops/s | 0.32 ops/s |
| 100x10 table | 618 ops/s | 453 ops/s | 1,082 ops/s | 1,039 ops/s | 128 ops/s | 123 ops/s |
| 50 slides full | 89.2 ops/s | 60.5 ops/s | 131 ops/s | 129 ops/s | 0.95 ops/s | 0.95 ops/s |
Large File (~100MB) — Mixed Content
40 slides x (2 shapes + 2 mixed-size images + 3x3 table).
| Scenario | Default sync | Default async | All STORE sync | All STORE async | PptxGenJS DEFLATE | PptxGenJS STORE |
|---|---|---|---|---|---|---|
| 40 slides mixed | 24.5 ops/s | 22.1 ops/s | 26.3 ops/s | 26.5 ops/s | 0.22 ops/s | 0.23 ops/s |
Check the demo folder for working examples covering every feature.
FAQs
Generate, parse, and patch .pptx presentations with a declarative TypeScript API
The npm package @office-open/pptx receives a total of 177 weekly downloads. As such, @office-open/pptx popularity was classified as not popular.
We found that @office-open/pptx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.