Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Javascript implementation of zip for nodejs with support for electron original-fs. Allows user to create or extract zip files both in memory or to/from disk
The adm-zip npm package is a JavaScript library for ZIP archive manipulation. It allows users to work with ZIP files directly from their Node.js applications. With adm-zip, you can create, extract, and update ZIP archives without relying on external tools.
Creating ZIP archives
This feature allows you to create a new ZIP archive and add files to it from the local filesystem. The 'writeZip' method is then used to write the archive to disk.
const AdmZip = require('adm-zip');
const zip = new AdmZip();
zip.addLocalFile('/path/to/file.txt');
zip.writeZip('/path/to/archive.zip');
Extracting ZIP archives
This feature enables you to extract the contents of a ZIP archive to a specified directory on the filesystem. The second parameter of 'extractAllTo' determines whether to overwrite existing files.
const AdmZip = require('adm-zip');
const zip = new AdmZip('/path/to/archive.zip');
zip.extractAllTo('/path/to/extract/', true);
Reading ZIP archives
This feature is used to read the contents of a ZIP archive and list its entries. You can iterate over the entries to get information about each file or directory in the archive.
const AdmZip = require('adm-zip');
const zip = new AdmZip('/path/to/archive.zip');
const zipEntries = zip.getEntries();
zipEntries.forEach((zipEntry) => {
console.log(zipEntry.toString()); // outputs zip entries information
});
Updating ZIP archives
This feature allows you to update the contents of an existing file within a ZIP archive. The 'updateFile' method takes the filename and the new content as a Buffer.
const AdmZip = require('adm-zip');
const zip = new AdmZip('/path/to/archive.zip');
zip.updateFile('fileInsideZip.txt', Buffer.from('new content'));
zip.writeZip();
JSZip is a popular npm package with similar functionality to adm-zip. It allows for creating, reading, and editing .zip files with JavaScript. JSZip has a more modern API and supports Promises, which can make it easier to use in asynchronous code compared to adm-zip.
Archiver is another npm package that can create archives in zip and tar formats. It provides streaming support, which can be beneficial for working with large files or for network transfers. Archiver is often preferred for its performance and flexibility.
Extract-zip is focused solely on extracting ZIP files. It's a simpler alternative to adm-zip if you only need to extract archives and not create or manipulate them. It uses a callback-based API for handling extraction completion.
Yauzl is a minimalistic npm package for reading ZIP archives. It's designed to be low-level and fast, following the philosophy of 'do one thing and do it well.' Unlike adm-zip, yauzl does not provide the ability to create or write to ZIP files.
ADM-ZIP is a pure JavaScript implementation for zip data compression for NodeJS.
With npm do:
$ npm install adm-zip
Electron file system support described below.
The library allows you to:
There are no other nodeJS libraries that ADM-ZIP is dependent of
var AdmZip = require("adm-zip");
// reading archives
var zip = new AdmZip("./my_file.zip");
var password = "1234567890";
var zipEntries = zip.getEntries(); // an array of ZipEntry records - add password parameter if entries are password protected
zipEntries.forEach(function (zipEntry) {
console.log(zipEntry.toString()); // outputs zip entries information
if (zipEntry.entryName == "my_file.txt") {
console.log(zipEntry.getData().toString("utf8"));
}
});
// outputs the content of some_folder/my_file.txt
console.log(zip.readAsText("some_folder/my_file.txt"));
// extracts the specified file to the specified location
zip.extractEntryTo(/*entry name*/ "some_folder/my_file.txt", /*target path*/ "/home/me/tempfolder", /*maintainEntryPath*/ false, /*overwrite*/ true);
// extracts everything
zip.extractAllTo(/*target path*/ "/home/me/zipcontent/", /*overwrite*/ true);
// creating archives
var zip = new AdmZip();
// add file directly
var content = "inner content of the file";
zip.addFile("test.txt", Buffer.from(content, "utf8"), "entry comment goes here");
// add local file
zip.addLocalFile("/home/me/some_picture.png");
// get everything as a buffer
var willSendthis = zip.toBuffer();
// or write everything to disk
zip.writeZip(/*target file name*/ "/home/me/files.zip");
// ... more examples in the wiki
For more detailed information please check out the wiki.
ADM-ZIP has supported electron original-fs for years without any user interractions but it causes problem with bundlers like rollup etc. For continuing support original-fs or any other custom file system module. There is possible specify your module by fs option in ADM-ZIP constructor.
Example:
const AdmZip = require("adm-zip");
const OriginalFs = require("original-fs");
// reading archives
const zip = new AdmZip("./my_file.zip", { fs: OriginalFs });
.
.
.
FAQs
Javascript implementation of zip for nodejs with support for electron original-fs. Allows user to create or extract zip files both in memory or to/from disk
The npm package adm-zip receives a total of 4,649,725 weekly downloads. As such, adm-zip popularity was classified as popular.
We found that adm-zip demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.