
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@office-open/pptx
Advanced tools
Generate, parse, and patch .pptx presentations with a declarative TypeScript API
Generate and parse .pptx presentations with a declarative TypeScript API. Works in Node.js and browsers.
parsePresentation for round-trip workflows# pnpm
pnpm add @office-open/pptx
# npm
npm install @office-open/pptx
# yarn
yarn add @office-open/pptx
# bun
bun add @office-open/pptx
import { generatePresentation } from "@office-open/pptx";
import { writeFileSync } from "node:fs";
const buffer = await generatePresentation({
slides: [
{
children: [
{
shape: {
textBody: {
children: [{ paragraph: { children: ["Hello World"] } }],
},
fill: "4472C4",
x: 100,
y: 100,
width: 600,
height: 400,
},
},
],
},
],
});
writeFileSync("presentation.pptx", buffer);
Read existing .pptx files and re-create them as PresentationOptions:
import { parsePresentation, generatePresentation } from "@office-open/pptx";
import { readFileSync, writeFileSync } from "node:fs";
const opts = parsePresentation(new Uint8Array(readFileSync("input.pptx")));
// Modify parsed data, then re-generate
const buffer = await generatePresentation(opts);
writeFileSync("output.pptx", buffer);
Performance vs PptxGenJS (higher ops/s is better, Windows 11 / Node 24).
Default = XML DEFLATE level 1 (SuperFast); media is split by type, matching MS Office PowerPoint — already-compressed formats (PNG/JPEG/GIF) are STOREd, the rest (EMF/WMF/BMP/TIFF/…) use DEFLATE level 1 (verified on a real MS Office file). All STORE = no compression ({ compression: { xml: 0, media: 0 } }). PptxGenJS (async only) defaults to STORE (via JSZip), supports DEFLATE via compression: true (applies to ALL entries including images).
// Default (matches MS Office)
await generatePresentation(options);
// All STORE (no compression)
await generatePresentation(options, { compression: { xml: 0, media: 0 } });
Create + toBuffer (end-to-end)
| Scenario | Default sync | Default async | All STORE sync | All STORE async | PptxGenJS DEFLATE | PptxGenJS STORE |
|---|---|---|---|---|---|---|
| Simple (2 shapes) | 1,684 ops/s | 773 ops/s | 6,061 ops/s | 5,249 ops/s | 181 ops/s | 185 ops/s |
| Styled shapes (20) | 1,497 ops/s | 745 ops/s | 5,154 ops/s | 4,958 ops/s | 168 ops/s | 170 ops/s |
| Table (10x5) | 1,657 ops/s | 729 ops/s | 7,252 ops/s | 6,797 ops/s | 889 ops/s | 999 ops/s |
| Full featured | 1,635 ops/s | 714 ops/s | 4,816 ops/s | 4,321 ops/s | 96 ops/s | 94 ops/s |
Large Files — Create + toBuffer
| Scenario | Default sync | Default async | All STORE sync | All STORE async | PptxGenJS DEFLATE | PptxGenJS STORE |
|---|---|---|---|---|---|---|
| 30 slides x 20 shapes | 253 ops/s | 139 ops/s | 500 ops/s | 490 ops/s | 119 ops/s | 123 ops/s |
| 30 slides x 10 images | 320 ops/s | 160 ops/s | 793 ops/s | 795 ops/s | 0.26 ops/s | 0.30 ops/s |
| 100x10 table | 641 ops/s | 460 ops/s | 954 ops/s | 891 ops/s | 120 ops/s | 126 ops/s |
| 50 slides full | 169 ops/s | 87 ops/s | 326 ops/s | 317 ops/s | 0.90 ops/s | 0.90 ops/s |
Large File (~100MB) — Mixed Content
40 slides x (2 shapes + 2 mixed-size images + 3x3 table).
| Scenario | Default sync | Default async | All STORE sync | All STORE async | PptxGenJS DEFLATE | PptxGenJS STORE |
|---|---|---|---|---|---|---|
| 40 slides mixed | 227 ops/s | 124 ops/s | 708 ops/s | 721 ops/s | 0.23 ops/s | 0.22 ops/s |
Check the demo folder for working examples covering every feature.
FAQs
Generate, parse, and patch .pptx presentations with a declarative TypeScript API
The npm package @office-open/pptx receives a total of 480 weekly downloads. As such, @office-open/pptx popularity was classified as not popular.
We found that @office-open/pptx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.