Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
The Base64 npm package provides utilities for encoding and decoding data in Base64 format. This is useful for data transmission, storage, and processing where binary data needs to be represented in an ASCII string format.
Encoding
This feature allows you to encode a string into Base64 format. The example encodes the string 'Hello, World!' into its Base64 representation.
const base64 = require('base64');
const encoded = base64.encode('Hello, World!');
console.log(encoded); // Outputs: 'SGVsbG8sIFdvcmxkIQ=='
Decoding
This feature allows you to decode a Base64 encoded string back into its original format. The example decodes the Base64 string 'SGVsbG8sIFdvcmxkIQ==' back to 'Hello, World!'.
const base64 = require('base64');
const decoded = base64.decode('SGVsbG8sIFdvcmxkIQ==');
console.log(decoded); // Outputs: 'Hello, World!'
The js-base64 package provides similar functionality for encoding and decoding Base64 strings. It is a well-maintained and widely used package with a simple API. Compared to Base64, js-base64 offers additional methods for URL-safe encoding and decoding.
The base-64 package is another alternative for Base64 encoding and decoding. It is lightweight and has no dependencies, making it a good choice for projects where minimizing bundle size is important. It offers similar functionality to the Base64 package but with a slightly different API.
The buffer package is part of the Node.js core library and provides a way to handle binary data directly. It includes methods for Base64 encoding and decoding. While it offers more comprehensive functionality for binary data manipulation, it can be more complex to use compared to the Base64 package.
≈ 700 byte* polyfill for browsers which don't provide window.btoa
and
window.atob
.
Base64.js stems from a gist by yahiko.
make setup
make test
* Minified and gzipped. Run make bytes
to verify.
FAQs
Base64 encoding and decoding
The npm package Base64 receives a total of 562,487 weekly downloads. As such, Base64 popularity was classified as popular.
We found that Base64 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.