Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
The 'bl' (Buffer List) npm package is a utility that provides a storage mechanism for Node.js Buffer data. It allows for the collection of Buffer objects, and provides a way to access the combined data as a single contiguous Buffer or a stream. It is useful for handling streams of binary data and can simplify the process of collecting and manipulating this data.
Collecting stream data
This code sample demonstrates how to collect data from an HTTP response stream and convert it to a string once the stream ends.
const { BufferList } = require('bl');
const bl = new BufferList();
require('http').get('http://example.com', (res) => {
res.pipe(bl);
res.on('end', () => {
console.log(bl.toString());
});
});
Appending buffers and strings
This code sample shows how to append both strings and Buffer objects to a BufferList instance, and then convert the entire list to a string.
const { BufferList } = require('bl');
const bl = new BufferList();
bl.append('first string ');
bl.append(Buffer.from('second string'));
console.log(bl.toString());
Random access to data
This code sample illustrates how to perform random access on the data within a BufferList by using the slice method to retrieve a portion of the data.
const { BufferList } = require('bl');
const bl = new BufferList();
bl.append('hello ');
bl.append('world');
console.log(bl.slice(0, 5).toString()); // 'hello'
Duplex stream compatibility
This code sample demonstrates how BufferList can be used as a duplex stream, where data piped into it can be manipulated and then piped out to another destination.
const { BufferListStream } = require('bl');
const blStream = new BufferListStream();
process.stdin.pipe(blStream).pipe(process.stdout);
The 'concat-stream' package is similar to 'bl' in that it collects stream data into buffers and then concatenates them. It differs in its API and the way it handles the output, providing a callback function to access the concatenated result.
The 'buffers' package provides a way to manage a collection of Node.js Buffer objects, similar to 'bl'. It offers a different API for buffer manipulation, including methods for slicing and dicing buffer collections.
The 'bufferstreams' package is another alternative that allows for buffering of streaming data into a single Buffer or string. It is similar to 'bl' but focuses more on providing a stream interface for buffering and less on direct buffer manipulation.
A Node.js Buffer list collector, reader and streamer thingy.
bl is a storage object for collections of Node Buffers, exposing them with the main Buffer readable API. Also works as a duplex stream so you can collect buffers from a stream that emits them and emit buffers to a stream that consumes them!
The original buffers are kept intact and copies are only done as necessary. Any reads that require the use of a single original buffer will return a slice of that buffer only (which references the same memory as the original buffer). Reads that span buffers perform concatenation as required and return the results transparently.
const BufferList = require('bl')
var bl = new BufferList()
bl.append(new Buffer('abcd'))
bl.append(new Buffer('efg'))
bl.append('hi') // bl will also accept & convert Strings
bl.append(new Buffer('j'))
bl.append(new Buffer([ 0x3, 0x4 ]))
console.log(bl.length) // 12
console.log(bl.slice(0, 10).toString('ascii')) // 'abcdefghij'
console.log(bl.slice(3, 10).toString('ascii')) // 'defghij'
console.log(bl.slice(3, 6).toString('ascii')) // 'def'
console.log(bl.slice(3, 8).toString('ascii')) // 'defgh'
console.log(bl.slice(5, 10).toString('ascii')) // 'fghij'
// or just use toString!
console.log(bl.toString()) // 'abcdefghij\u0003\u0004'
console.log(bl.toString('ascii', 3, 8)) // 'defgh'
console.log(bl.toString('ascii', 5, 10)) // 'fghij'
// other standard Buffer readables
console.log(bl.readUInt16BE(10)) // 0x0304
console.log(bl.readUInt16LE(10)) // 0x0403
Give it a callback in the constructor and use it just like concat-stream:
const bl = require('bl')
, fs = require('fs')
fs.createReadStream('README.md')
.pipe(bl(function (err, data) { // note 'new' isn't strictly required
// `data` is a complete Buffer object containing the full data
console.log(data.toString())
}))
Note that when you use the callback method like this, the resulting data
parameter is a concatenation of all Buffer
objects in the list. If you want to avoid the overhead of this concatenation (in cases of extreme performance consciousness), then avoid the callback method and just listen to 'end'
instead, like a standard Stream.
Or to fetch a URL using hyperquest (should work with request and even plain Node http too!):
const hyperquest = require('hyperquest')
, bl = require('bl')
, url = 'https://raw.github.com/rvagg/bl/master/README.md'
hyperquest(url).pipe(bl(function (err, data) {
console.log(data.toString())
}))
Or, use it as a readable stream to recompose a list of Buffers to an output source:
const BufferList = require('bl')
, fs = require('fs')
var bl = new BufferList()
bl.append(new Buffer('abcd'))
bl.append(new Buffer('efg'))
bl.append(new Buffer('hi'))
bl.append(new Buffer('j'))
bl.pipe(fs.createWriteStream('gibberish.txt'))
new BufferList([ callback ])
bl.length
bl.append(buffer)
bl.get(index)
bl.slice([ start[, end ] ])
bl.copy(dest, [ destStart, [ srcStart [, srcEnd ] ] ])
bl.duplicate()
bl.consume(bytes)
bl.toString([encoding, [ start, [ end ]]])
bl.readDoubleBE()
, bl.readDoubleLE()
, bl.readFloatBE()
, bl.readFloatLE()
, bl.readInt32BE()
, bl.readInt32LE()
, bl.readUInt32BE()
, bl.readUInt32LE()
, bl.readInt16BE()
, bl.readInt16LE()
, bl.readUInt16BE()
, bl.readUInt16LE()
, bl.readInt8()
, bl.readUInt8()
The constructor takes an optional callback, if supplied, the callback will be called with an error argument followed by a reference to the bl instance, when bl.end()
is called (i.e. from a piped stream). This is a convenient method of collecting the entire contents of a stream, particularly when the stream is chunky, such as a network stream.
Normally, no arguments are required for the constructor, but you can initialise the list by passing in a single Buffer
object or an array of Buffer
object.
new
is not strictly required, if you don't instantiate a new object, it will be done automatically for you so you can create a new instance simply with:
var bl = require('bl')
var myinstance = bl()
// equivilant to:
var BufferList = require('bl')
var myinstance = new BufferList()
Get the length of the list in bytes. This is the sum of the lengths of all of the buffers contained in the list, minus any initial offset for a semi-consumed buffer at the beginning. Should accurately represent the total number of bytes that can be read from the list.
append(buffer)
adds an additional buffer or BufferList to the internal list. this
is returned so it can be chained.
get()
will return the byte at the specified index.
slice()
returns a new Buffer
object containing the bytes within the range specified. Both start
and end
are optional and will default to the beginning and end of the list respectively.
If the requested range spans a single internal buffer then a slice of that buffer will be returned which shares the original memory range of that Buffer. If the range spans multiple buffers then copy operations will likely occur to give you a uniform Buffer.
copy()
copies the content of the list in the dest
buffer, starting from destStart
and containing the bytes within the range specified with srcStart
to srcEnd
. destStart
, start
and end
are optional and will default to the beginning of the dest
buffer, and the beginning and end of the list respectively.
duplicate()
performs a shallow-copy of the list. The internal Buffers remains the same, so if you change the underlying Buffers, the change will be reflected in both the original and the duplicate. This method is needed if you want to call consume()
or pipe()
and still keep the original list.Example:
var bl = new BufferList()
bl.append('hello')
bl.append(' world')
bl.append('\n')
bl.duplicate().pipe(process.stdout, { end: false })
console.log(bl.toString())
consume()
will shift bytes off the start of the list. The number of bytes consumed don't need to line up with the sizes of the internal Buffers—initial offsets will be calculated accordingly in order to give you a consistent view of the data.
toString()
will return a string representation of the buffer. The optional start
and end
arguments are passed on to slice()
, while the encoding
is passed on to toString()
of the resulting Buffer. See the Buffer#toString() documentation for more information.
All of the standard byte-reading methods of the Buffer
interface are implemented and will operate across internal Buffer boundaries transparently.
See the Buffer
documentation for how these work.
bl is a Node Duplex Stream, so it can be read from and written to like a standard Node stream. You can also pipe()
to and from a bl instance.
bl is brought to you by the following hackers:
=======
Copyright (c) 2013-2014 bl contributors (listed above).
bl is licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.
FAQs
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
We found that bl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.