Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The b4a npm package is a Buffer implementation for the browser with the same API as the Node.js Buffer. It allows you to use the Buffer API in environments where the native Buffer is not available, such as in web browsers.
Buffer Creation
This feature allows you to create a new Buffer instance from a string, with an optional encoding parameter.
const b4a = require('b4a');
const buf = b4a.from('hello world', 'utf8');
Buffer Concatenation
This feature allows you to concatenate multiple Buffer instances into a new Buffer instance.
const b4a = require('b4a');
const buf1 = b4a.from('hello');
const buf2 = b4a.from('world');
const buf3 = b4a.concat([buf1, buf2]);
Buffer Allocation
This feature allows you to allocate a new Buffer with a specified size, which is filled with zeros by default.
const b4a = require('b4a');
const buf = b4a.alloc(10); // allocates a new Buffer of 10 bytes
Buffer Conversion
This feature allows you to convert data between Buffers and strings with different encodings.
const b4a = require('b4a');
const buf = b4a.from('7468697320697320612074c3a97374', 'hex');
const str = buf.toString('utf8');
The 'buffer' package is a Node.js Buffer implementation for the browser, which is similar to b4a. It provides a polyfill for the Buffer class, allowing code written for Node.js to run in the browser without modification.
Buffer for Array (B4A) provides a set of functions for bridging the gap between the Node.js Buffer
class and the Uint8Array
class. A browser compatibility layer is also included, making it possible to use B4A in both Node.js and browsers without having to worry about whether you're dealing with buffers or typed arrays.
npm install b4a
b4a.isBuffer(value)
See https://nodejs.org/api/buffer.html#static-method-bufferisbufferobj
This will also return true
when passed a Uint8Array
.
b4a.isEncoding(encoding)
See https://nodejs.org/api/buffer.html#static-method-bufferisencodingencoding
b4a.alloc(size[, fill[, encoding]])
See https://nodejs.org/api/buffer.html#static-method-bufferallocsize-fill-encoding
b4a.allocUnsafe(size)
See https://nodejs.org/api/buffer.html#static-method-bufferallocunsafesize
b4a.allocUnsafeSlow(size)
See https://nodejs.org/api/buffer.html#static-method-bufferallocunsafeslowsize
b4a.byteLength(string)
See https://nodejs.org/api/buffer.html#static-method-bufferbytelengthstring-encoding
b4a.compare(buf1, buf2)
See https://nodejs.org/api/buffer.html#static-method-buffercomparebuf1-buf2
b4a.concat(buffers[, totalLength])
See https://nodejs.org/api/buffer.html#static-method-bufferconcatlist-totallength
b4a.copy(source, target[, targetStart[, sourceStart[, sourceEnd]]])
See https://nodejs.org/api/buffer.html#bufcopytarget-targetstart-sourcestart-sourceend
b4a.equals(buf1, buf2)
See https://nodejs.org/api/buffer.html#bufequalsotherbuffer
b4a.fill(buffer, value[, offset[, end]][, encoding])
See https://nodejs.org/api/buffer.html#buffillvalue-offset-end-encoding
b4a.from(array)
See https://nodejs.org/api/buffer.html#static-method-bufferfromarray
b4a.from(arrayBuffer[, byteOffset[, length]])
See https://nodejs.org/api/buffer.html#static-method-bufferfromarraybuffer-byteoffset-length
b4a.from(buffer)
See https://nodejs.org/api/buffer.html#static-method-bufferfrombuffer
b4a.from(string[, encoding])
See https://nodejs.org/api/buffer.html#static-method-bufferfromstring-encoding
b4a.includes(buffer, value[, byteOffset][, encoding])
See https://nodejs.org/api/buffer.html#bufincludesvalue-byteoffset-encoding
b4a.indexOf(buffer, value[, byteOffset][, encoding])
See https://nodejs.org/api/buffer.html#bufindexofvalue-byteoffset-encoding
b4a.lastIndexOf(buffer, value[, byteOffset][, encoding])
See https://nodejs.org/api/buffer.html#buflastindexofvalue-byteoffset-encoding
b4a.swap16(buffer)
See https://nodejs.org/api/buffer.html#bufswap16
b4a.swap32(buffer)
See https://nodejs.org/api/buffer.html#bufswap32
b4a.swap64(buffer)
See https://nodejs.org/api/buffer.html#bufswap64
b4a.toBuffer(buffer)
Convert a buffer to its canonical representation. In Node.js, the canonical representation is a Buffer
. In the browser, the canonical representation is a Uint8Array
.
b4a.toString(buffer, [encoding[, start[, end]]])
See https://nodejs.org/api/buffer.html#buftostringencoding-start-end
b4a.write(buffer, string[, offset[, length]][, encoding])
See https://nodejs.org/api/buffer.html#bufwritestring-offset-length-encoding
b4a.writeDoubleLE(buffer, value[, offset])
See https://nodejs.org/api/buffer.html#bufwritedoublelevalue-offset
b4a.writeFloatLE(buffer, value[, offset])
See https://nodejs.org/api/buffer.html#bufwritefloatlevalue-offset
b4a.writeUInt32LE(buffer, value[, offset])
https://nodejs.org/api/buffer.html#bufwriteuint32levalue-offset
b4a.writeInt32LE(buffer, value[, offset])
See https://nodejs.org/api/buffer.html#bufwriteint32levalue-offset
b4a.readDoubleLE(buffer[, offset])
See https://nodejs.org/api/buffer.html#bufreaddoubleleoffset
b4a.readFloatLE(buffer[, offset])
See https://nodejs.org/api/buffer.html#bufreadfloatleoffset
b4a.readUInt32LE(buffer[, offset])
See https://nodejs.org/api/buffer.html#bufreaduint32leoffset
b4a.readInt32LE(buffer[, offset])
See https://nodejs.org/api/buffer.html#bufreadint32leoffset
Apache 2.0
FAQs
Bridging the gap between buffers and typed arrays
The npm package b4a receives a total of 8,244,049 weekly downloads. As such, b4a popularity was classified as popular.
We found that b4a demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.