bhpack
Pack binary header fields in HPACK more efficiently
Encode binary data as strings that are more efficiently encoded in HTTP/2.
    var bhpack = require('bhpack');

    // For cookies
    var cookies = {
      a: bhpack.cookie.encode(valueOfA)
    };

    // For URLs
    var url = 'https://example.com/' +
        bhpack.uri.encode(pathComponent) +
        '?q=' + bhpack.query.encode(qParam);
Decode the resulting values again.
    var cookieA = bhpack.cookie.decode(encodedString);

    // Parse into its own variable instead of reusing the name `url`
    var parsed = require('url').parse(url, true);
    var pathComponent = bhpack.uri.decode(parsed.pathname.substring(1));
    var qParam = bhpack.query.decode(parsed.query.q);
It's a few percentage points. That's not a big saving unless your bandwidth costs are dominant.
I could implement this with arithmetic or range coding, which would shave this down slightly, but that hasn't happened yet, and probably won't.
Here's what node compare.js 100000 20 returned one time. That is, what the compression is like for 100,000 random 20-byte sequences for the different modes.
100000 random sequences of lengths: 20
Average sizes: min/ave/max (size compared against Base64+Huffman)
Raw Huffman coding (invalid): 25/48.20803/64 (203.13%)
Base 64 (no Huffman): 27/27/27 (113.77%)
Base 64 with Huffman: 20/23.73286/27 (100%)
bhpack cookie with Huffman: 19/23.6052/30 (99.46%)
bhpack URI safe with Huffman: 20/22.98342/28 (96.84%)
bhpack URI query with Huffman: 20/23.01238/28 (96.96%)
Why?
Because HPACK is kind to URI-safe base64, but not as kind as it could be.
Why not?
You don't want to do this for security reasons: Huffman encoding reveals a tiny bit about your data based on the length that it encodes to, and this encoding can make that slightly worse.
FAQs
Pack binary data more efficiently into strings for HTTP/2.
The npm package bhpack receives a total of 1 weekly download. As such, bhpack's popularity was classified as not popular.
We found that bhpack demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.