Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@openpgp/pako
Advanced tools
zlib port to javascript, very fast!
Why pako is cool:
This project was done to understand how fast JS can be and is it necessary to develop native C modules for CPU-intensive tasks. Enjoy the result!
Benchmarks:
node v0.10.26, 1mb sample:
deflate-dankogai x 4.73 ops/sec ±0.82% (15 runs sampled)
deflate-gildas x 4.58 ops/sec ±2.33% (15 runs sampled)
deflate-imaya x 3.22 ops/sec ±3.95% (12 runs sampled)
! deflate-pako x 6.99 ops/sec ±0.51% (21 runs sampled)
deflate-pako-string x 5.89 ops/sec ±0.77% (18 runs sampled)
deflate-pako-untyped x 4.39 ops/sec ±1.58% (14 runs sampled)
* deflate-zlib x 14.71 ops/sec ±4.23% (59 runs sampled)
inflate-dankogai x 32.16 ops/sec ±0.13% (56 runs sampled)
inflate-imaya x 30.35 ops/sec ±0.92% (53 runs sampled)
! inflate-pako x 69.89 ops/sec ±1.46% (71 runs sampled)
inflate-pako-string x 19.22 ops/sec ±1.86% (49 runs sampled)
inflate-pako-untyped x 17.19 ops/sec ±0.85% (32 runs sampled)
* inflate-zlib x 70.03 ops/sec ±1.64% (81 runs sampled)
node v0.11.12, 1mb sample:
deflate-dankogai x 5.60 ops/sec ±0.49% (17 runs sampled)
deflate-gildas x 5.06 ops/sec ±6.00% (16 runs sampled)
deflate-imaya x 3.52 ops/sec ±3.71% (13 runs sampled)
! deflate-pako x 11.52 ops/sec ±0.22% (32 runs sampled)
deflate-pako-string x 9.53 ops/sec ±1.12% (27 runs sampled)
deflate-pako-untyped x 5.44 ops/sec ±0.72% (17 runs sampled)
* deflate-zlib x 14.05 ops/sec ±3.34% (63 runs sampled)
inflate-dankogai x 42.19 ops/sec ±0.09% (56 runs sampled)
inflate-imaya x 79.68 ops/sec ±1.07% (68 runs sampled)
! inflate-pako x 97.52 ops/sec ±0.83% (80 runs sampled)
inflate-pako-string x 45.19 ops/sec ±1.69% (57 runs sampled)
inflate-pako-untyped x 24.35 ops/sec ±2.59% (40 runs sampled)
* inflate-zlib x 60.32 ops/sec ±1.36% (69 runs sampled)
zlib's test is partially affected by marshalling (that make sense for inflate only). You can change deflate level to 0 in benchmark source, to investigate details. For deflate level 6 results can be considered as correct.
Full docs - http://nodeca.github.io/pako/
import pako from "https://raw.githubusercontent.com/Denocord/pako/master/mod.js";
// or
import { deflate, inflate, Inflate } from "https://raw.githubusercontent.com/Denocord/pako/master/mod.js";
// Deflate
//
var input = new Uint8Array();
//... fill input data here
var output = pako.deflate(input);
// Inflate (simple wrapper can throw exception on broken stream)
//
var compressed = new Uint8Array();
//... fill data to uncompress here
try {
var result = pako.inflate(compressed);
} catch (err) {
console.log(err);
}
//
// Alternate interface for chunking & without exceptions
//
var inflator = new pako.Inflate();
inflator.push(chunk1, false);
inflator.push(chunk2, false);
...
inflator.push(chunkN, true); // true -> last chunk
if (inflator.err) {
console.log(inflator.msg);
}
var output = inflator.result;
Sometime you can wish to work with strings. For example, to send big objects as json to server. Pako detects input data type.
import pako from "https://raw.githubusercontent.com/Denocord/pako/master/mod.js";
var test = { my: 'super', puper: [456, 567], awesome: 'pako' };
var data = pako.deflate(JSON.stringify(test));
//
// Here you can do base64 encode, make xhr requests and so on.
//
var restored = JSON.parse(new TextDecoder().decode(pako.inflate(data)));
Pako does not contain some specific zlib functions:
deflateCopy
, deflateBound
, deflateParams
,
deflatePending
, deflatePrime
, deflateTune
.inflateCopy
, inflateMark
,
inflatePrime
, inflateGetDictionary
, inflateSync
, inflateSyncPoint
, inflateUndermine
.Personal thanks to:
Original implementation (in C):
/lib/zlib
folder/lib/zlib
contentFAQs
zlib port to javascript - fast, modularized, with browser support
The npm package @openpgp/pako receives a total of 8 weekly downloads. As such, @openpgp/pako popularity was classified as not popular.
We found that @openpgp/pako demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.