Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The avsc npm package is a library for encoding and decoding data in the Avro serialization format. It provides tools for working with Avro schemas, serializing and deserializing data, and performing schema evolution.
Schema Definition
This feature allows you to define Avro schemas using JSON. The code sample demonstrates how to define a simple Avro schema for a record with 'name' and 'age' fields.
const avro = require('avsc');
const type = avro.Type.forSchema({
type: 'record',
fields: [
{name: 'name', type: 'string'},
{name: 'age', type: 'int'}
]
});
Serialization
This feature allows you to serialize JavaScript objects into Avro binary format. The code sample shows how to serialize an object with 'name' and 'age' fields into a buffer.
const avro = require('avsc');
const type = avro.Type.forSchema({
type: 'record',
fields: [
{name: 'name', type: 'string'},
{name: 'age', type: 'int'}
]
});
const buf = type.toBuffer({name: 'John Doe', age: 30});
Deserialization
This feature allows you to deserialize Avro binary data back into JavaScript objects. The code sample demonstrates how to deserialize a buffer back into an object.
const avro = require('avsc');
const type = avro.Type.forSchema({
type: 'record',
fields: [
{name: 'name', type: 'string'},
{name: 'age', type: 'int'}
]
});
const buf = type.toBuffer({name: 'John Doe', age: 30});
const obj = type.fromBuffer(buf);
Schema Evolution
This feature supports schema evolution, allowing you to read data written with an older schema using a newer schema. The code sample shows how to evolve a schema by adding a new field with a default value.
const avro = require('avsc');
const oldType = avro.Type.forSchema({
type: 'record',
fields: [
{name: 'name', type: 'string'}
]
});
const newType = avro.Type.forSchema({
type: 'record',
fields: [
{name: 'name', type: 'string'},
{name: 'age', type: 'int', 'default': 0}
]
});
const buf = oldType.toBuffer({name: 'John Doe'});
const obj = newType.fromBuffer(buf);
avro-js is another library for working with Avro data in JavaScript. It provides similar functionality for schema definition, serialization, and deserialization. However, avro-js is generally considered to be less performant compared to avsc.
node-avro-io is a library for Avro serialization and deserialization in Node.js. It offers similar features to avsc but is less actively maintained and has fewer features related to schema evolution.
Pure JavaScript implementation of the Avro specification.
$ npm install avsc
avsc
is compatible with all versions of node.js since 0.11
.
Inside a node.js module, or using browserify:
const avro = require('avsc');
Encode and decode values from a known schema:
const type = avro.Type.forSchema({
type: 'record',
name: 'Pet',
fields: [
{
name: 'kind',
type: {type: 'enum', name: 'PetKind', symbols: ['CAT', 'DOG']}
},
{name: 'name', type: 'string'}
]
});
const buf = type.toBuffer({kind: 'CAT', name: 'Albert'}); // Encoded buffer.
const val = type.fromBuffer(buf); // = {kind: 'CAT', name: 'Albert'}
Infer a value's schema and encode similar values:
const type = avro.Type.forValue({
city: 'Cambridge',
zipCodes: ['02138', '02139'],
visits: 2
});
// We can use `type` to encode any values with the same structure:
const bufs = [
type.toBuffer({city: 'Seattle', zipCodes: ['98101'], visits: 3}),
type.toBuffer({city: 'NYC', zipCodes: [], visits: 0})
];
Get a readable stream of decoded values from an Avro
container file compressed using Snappy (see the BlockDecoder
API for an example including checksum validation):
const snappy = require('snappy'); // Or your favorite Snappy library.
const codecs = {
snappy: function (buf, cb) {
// Avro appends checksums to compressed blocks, which we skip here.
return snappy.uncompress(buf.slice(0, buf.length - 4), cb);
}
};
avro.createFileDecoder('./values.avro', {codecs})
.on('metadata', function (type) { /* `type` is the writer's type. */ })
.on('data', function (val) { /* Do something with the decoded value. */ });
Implement a TCP server for an IDL-defined protocol:
// We first generate a protocol from its IDL specification.
const protocol = avro.readProtocol(`
protocol LengthService {
/** Endpoint which returns the length of the input string. */
int stringLength(string str);
}
`);
// We then create a corresponding server, implementing our endpoint.
const server = avro.Service.forProtocol(protocol)
.createServer()
.onStringLength(function (str, cb) { cb(null, str.length); });
// Finally, we use our server to respond to incoming TCP connections!
require('net').createServer()
.on('connection', (con) => { server.createChannel(con); })
.listen(24950);
FAQs
Avro for JavaScript
We found that avsc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.