Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@remix-run/web-blob
Advanced tools
Web API compatible Blob for nodejs.
The reason this library exists is because fetch-blob chooses to compromise
Web API compatibility of blob.stream()
by using nodejs
native Readable stream. We found this to be problematic when sharing code
across nodejs and browser runtimes. Instead this library stays true to the
specification by using ReadableStream implementation from @remix-run/web-stream
library even if that is less convenient in nodejs context.
Note: Both node Readable streams and web ReadableStream implement
AsyncIterable
interface and in theory either could be used with for await loops. In practice however major browsers do not yet shipAsyncIterable
support for ReadableStreams which in our experience makes choice made by node-fetch impractical.
fetch-blob is build around node Buffers. This implementation is built around standard Uint8Arrays.
fetch-blob chooses to use WeakMaps for encapsulating private state. This
library chooses to use to use properties with names that start with _
. While
those properties aren't truly private they do have better performance profile
and make it possible to interop with this library, which we found impossible
to do with node-fetch.
import { Blob } from "@remix-run/web-blob"
const blob = new Blob(["hello", new TextEncoder().encode("world")])
for await (const chunk of blob.stream()) {
console.log(chunk)
}
This library makes use of typescript using JSDOC annotations and also generates type definitions along with typed definition maps. So you should be able to get all the type inference out of the box.
npm install @remix-run/web-blob
FAQs
Web API compatible Blob implementation
The npm package @remix-run/web-blob receives a total of 584,976 weekly downloads. As such, @remix-run/web-blob popularity was classified as popular.
We found that @remix-run/web-blob demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.