
Research
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.
@w3vish/ffmpeg-installer
Advanced tools
A cross-platform FFmpeg binary installer for Node.js applications. This package automatically downloads and configures FFmpeg binaries for your platform, making it easy to use FFmpeg in your Node.js projects without manual installation.
# Install both FFmpeg and FFprobe (default)
npm install ffmpeg-installer
# Install only FFmpeg
npm install ffmpeg-installer --ffmpeg-only
# Install only FFprobe
npm install ffmpeg-installer --ffprobe-only
// ES modules
import ffmpeg from 'ffmpeg-installer';
// CommonJS
const ffmpeg = require('ffmpeg-installer');
console.log('FFmpeg path:', ffmpeg.ffmpegPath);
console.log('FFprobe path:', ffmpeg.ffprobePath);
console.log('FFmpeg version:', ffmpeg.version);
import { spawn } from 'child_process';
import { ffmpegPath } from 'ffmpeg-installer';
const process = spawn(ffmpegPath, [
'-i', 'input.mp4',
'-c:v', 'libx264',
'-preset', 'fast',
'output.mp4'
]);
process.stdout.on('data', (data) => {
console.log(`stdout: ${data}`);
});
process.stderr.on('data', (data) => {
console.log(`stderr: ${data}`);
});
process.on('close', (code) => {
console.log(`Child process exited with code ${code}`);
});
import ffmpeg from 'fluent-ffmpeg';
import { ffmpegPath, ffprobePath } from 'ffmpeg-installer';
// Set paths
ffmpeg.setFfmpegPath(ffmpegPath);
ffmpeg.setFfprobePath(ffprobePath);
// Use fluent-ffmpeg
ffmpeg('input.mp4')
.output('output.mp4')
.on('end', () => {
console.log('Conversion finished');
})
.on('error', (err) => {
console.error('Error:', err);
})
.run();
You can install binaries for a specific platform by providing the --platform flag:
npm install ffmpeg-installer --platform=win32-x64
Supported platforms:
win32-x64 - Windows 64-bitwin32-ia32 - Windows 32-bitdarwin-x64 - macOS 64-bitdarwin-arm64 - macOS Apple Siliconlinux-x64 - Linux 64-bitlinux-arm64 - Linux ARM 64-bitlinux-armv7l - Linux ARM v7You can choose to install only FFmpeg or only FFprobe:
# FFmpeg only
npm install ffmpeg-installer --ffmpeg-only
# FFprobe only
npm install ffmpeg-installer --ffprobe-only
# Combine with platform specific installation
npm install ffmpeg-installer --platform=darwin-arm64 --ffmpeg-only
The package exports the following properties:
| Property | Type | Description |
|---|---|---|
path | string | Path to the FFmpeg binary (alias for ffmpegPath) |
ffmpegPath | string | Path to the FFmpeg binary |
ffprobePath | string | Path to the FFprobe binary |
version | string | Version of the FFmpeg binaries |
url | string | URL from where the binaries were downloaded |
platform | string | Current platform identifier |
arch | string | Current architecture identifier |
This package follows these steps during installation:
The downloaded binaries are stored in a platform-specific directory within the package, making them accessible across your application.
If you encounter permission errors when running the binaries:
# For Linux/macOS
chmod +x /path/to/ffmpeg
chmod +x /path/to/ffprobe
If the installation fails, you can try:
npm install ffmpeg-installer --unsafe-perm
If you have FFmpeg binaries installed elsewhere, you can manually set the path in your app:
import { spawn } from 'child_process';
// Override the path
const ffmpegPath = '/custom/path/to/ffmpeg';
const process = spawn(ffmpegPath, [...your args]);
MIT © Vishal Suryavanshi
FAQs
A fast and lightweight cross-platform FFmpeg & FFprobe binary installer for Node.js, supporting Linux, macOS, and Windows.
The npm package @w3vish/ffmpeg-installer receives a total of 56 weekly downloads. As such, @w3vish/ffmpeg-installer popularity was classified as not popular.
We found that @w3vish/ffmpeg-installer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.

Company News
Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.

Security News
npm now links to Socket's security analysis on every package page. Here's what you'll find when you click through.