Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@stardazed/streams-polyfill
Advanced tools
This package provides a full polyfill for the Web Streams Standard
for use in browsers, including patching the built-in fetch
and Response
types
to support the body
field.
This uses the fully compliant Stardazed streams implementation, see that repo for more information about some limitations of a streams polyfill. TLDR: almost everything works, except for stuff the standard specifies but is not implemented in browser engines yet (detached buffer storage.)
👉 If you have your own ReadableStream
replacement — including mocks or modifications
of the built-in type — and want to use it with fetch
check out the
streams fetch adapter package
to have your code work with fetch
transparently.
The core streams functionality requires ES6 classes, Symbol
s, Promise
s and typed
arrays to be implemented. Testing has only been done on current browsers but it should
work with Safari 9+, Edge 13+, Firefox 45+ and Chrome 42+. IE is not supported.
Adapting fetch
to work with streams requires that the browser has a native fetch
implementation. This comes down to: Safari 10.1+ (iOS 10.3+), Edge 14+, Firefox 52+ and
Chrome 54+.
I have not tested older browsers with a fetch
polyfill. It may work, it may not.
If you try it out, ensure the fetch
polyfill loads before this one.
Node (as of July 2018) has no built-in fetch or web streams support. I did not do extensive
tests but this polyfill, when require()
d, will install all streams types in Node's
global
object and they then work as expected. Like with browsers, cooperation with any
fetch
polyfills available has not been tested.
In general, polyfills are not used in Node. If you want to use web streams in Node,
consider using the Stardazed streams package
directly and optionally wrapping any fetch
implementations you use with the
streams fetch adapter.
Node versions >= 7 should be sufficient.
There are two ways to use this package, as a simple <script>
include or as an import
with side effects.
Use your favourite CDN supplier or host the file yourself. Make sure to have the polyfill
load before any code that uses ReadableStream
, fetch
or Response
. To be safe have
it load as the first script.
<script src="//unpkg.com/@stardazed/streams-polyfill/dist/sd-streams-polyfill.min.js"></script>
First add this package to your project with your package manager of choice.
npm install @stardazed/streams-polyfill
pnpm install @stardazed/streams-polyfill
yarn add @stardazed/streams-polyfill
Then import it in your index.js/ts file, at application startup. Like with the include method above, make sure this code runs before everything else.
import "@stardazed/streams-polyfill";
All stream types are available globally now, no further actions are needed.
See the following resources for more info on using the Streams standard.
© 2018 by Arthur Langereis - @zenmumbler
MIT
FAQs
Drop-in polyfill for Web Streams with fetch and encoding integration
We found that @stardazed/streams-polyfill demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.