Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@skylineos/clsp-player
Advanced tools
@skylineos/clsp-player
Skyline Technology Solutions' CLSP Video Player. Stream video in near-real-time in modern browsers.
Skyline CLSP Player
An html5 CLSP video player. CLSP is a proprietary near-real-time video streaming protocol only available via Skyline's SFS solutions.
The highest h.264 keyframe/iframe segment frequency this player currently supports is 2 per second (this is different from frames per second).
Table of Contents
Supported Browsers
Desktop
- Google Chrome 53+
- Mozilla Firefox 70+
- Microsoft Edge 80+ (Chromium-based)
All other desktop browsers are currently not supported.
Mobile
@todo
URL Structure
The network protocol is handled by specifying the following URI format:
[clsp protocol] :// [sfs-ip-address] : [port-number-of-web-socket] / [stream-name]
clsp protocol: clsp or clspssfs-ip-address: the ip address is that of the SFSport-number-of-web-socket: the port is not necessary unless it is something other than 80 or 443stream-name: the stream name as defined on the SFS
Example stream url:
clsp://172.28.12.57/FairfaxVideo0520
Tokenization
With the latest version of the CLSP Player, you are able to control stream access with two diferent token methods.
Hash
The MD5 hash authentication method provides authentication as well as stream access time.
[clsp protocol]-hash://[sfs-ip-address]:[port-number-of-web-socket]/[stream-name]?start=[time-epoch-seconds]&end=[time-epoch-seconds]&token=[hash-token]
The token is created by appending a shared secret to the url. That new string is used to create an MD5 hash. The shared secret must first be set up on the SFS and the stream-requesting application.
NOTE: When using the Hash method of authentication, the
[port-number-of-web-socket]is a REQUIRED parameter.
In order to play a video stream that has Hash authentication enabed, there are 3 query parameters you need to pass along with your URL. Here is the structure of a clsp/clsps hash enabled url.
clsps-hash://<host>[:port]/stream?start={epoch_seconds}&end={epoch_seconds}&token={hashed_url}
clsp-hash://<host>[:port]/stream?start={epoch_seconds}&end={epoch_seconds}&token={hashed_url}
start: contains the earliest time you want the stream to become available.end: contains the latest time you want the stream to become available.token: contains the entire url sans token, md5 + secret
Installation
Via Yarn
yarn add @skylineos/clsp-player
Via NPM
npm i @skylineos/clsp-player
Usage
@babel/polyfill MUST be sourced/included prior to the CLSP Player.
See demo/simple.html for a full example.
<head> Tag
In the <head> of your page, include a line for the CLSP Player styles:
<head>
<!-- CLSP styles -->
<link
rel="stylesheet"
href="/path/to/dist/clsp-player.css"
>
<!-- Babel Polyfill -->
<script
type="text/javascript"
src="//cdn.jsdelivr.net/npm/@babel/polyfill@7.8.7/dist/polyfill.min.js"
></script>
<head>
<video> tag
We recommend wrapping the video tag in a container element (e.g. div) that the CLSP Player can mutate as needed. The CLSP Player needs to perform some actions on the video element as well as its container.
On the HTML video tag, the type attribute must be the following:
video/mp4; codecs='avc1.42E01E'
This tells the browser exactly what codec to use to decode and play the video. H.264 baseline 3.0 is a least common denominator codec supported on all browsers (according to the MSE development page).
Here is a sample video element that defines a CLSP stream:
<div class="video-container">
<div>
<video
id="my-video"
muted
>
<source
src="clsp://172.28.12.57/FairfaxVideo0520"
type="video/mp4; codecs='avc1.42E01E'"
/>
</video>
</div>
</div>
<script> Tag
<!-- CLSP Player -->
<script src="/path/to/dist/clsp-player.min.js"></script>
<script>
// Construct the player collection
window.iovCollection = window.IovCollection.asSingleton();
// Instantiate the iov instance for this video element id
window.iovCollection.create('my-video')
.then(function (iov) {
// do something with the iov instance
})
.catch(function (error) {
// do something with the error
});
</script>
Dependencies
@babel/polyfill 7.8.7 is required.
FAQs
Skyline Technology Solutions' CLSP Video Player. Stream video in near-real-time in modern browsers.
We found that @skylineos/clsp-player demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 05 Apr 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024