Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
The 'bl' (Buffer List) npm package is a utility that provides a storage mechanism for Node.js Buffer data. It allows for the collection of Buffer objects, and provides a way to access the combined data as a single contiguous Buffer or a stream. It is useful for handling streams of binary data and can simplify the process of collecting and manipulating this data.
Collecting stream data
This code sample demonstrates how to collect data from an HTTP response stream and convert it to a string once the stream ends.
const { BufferList } = require('bl');
const bl = new BufferList();
require('http').get('http://example.com', (res) => {
res.pipe(bl);
res.on('end', () => {
console.log(bl.toString());
});
});
Appending buffers and strings
This code sample shows how to append both strings and Buffer objects to a BufferList instance, and then convert the entire list to a string.
const { BufferList } = require('bl');
const bl = new BufferList();
bl.append('first string ');
bl.append(Buffer.from('second string'));
console.log(bl.toString());
Random access to data
This code sample illustrates how to perform random access on the data within a BufferList by using the slice method to retrieve a portion of the data.
const { BufferList } = require('bl');
const bl = new BufferList();
bl.append('hello ');
bl.append('world');
console.log(bl.slice(0, 5).toString()); // 'hello'
Duplex stream compatibility
This code sample demonstrates how BufferList can be used as a duplex stream, where data piped into it can be manipulated and then piped out to another destination.
const { BufferListStream } = require('bl');
const blStream = new BufferListStream();
process.stdin.pipe(blStream).pipe(process.stdout);
The 'concat-stream' package is similar to 'bl' in that it collects stream data into buffers and then concatenates them. It differs in its API and the way it handles the output, providing a callback function to access the concatenated result.
The 'buffers' package provides a way to manage a collection of Node.js Buffer objects, similar to 'bl'. It offers a different API for buffer manipulation, including methods for slicing and dicing buffer collections.
The 'bufferstreams' package is another alternative that allows for buffering of streaming data into a single Buffer or string. It is similar to 'bl' but focuses more on providing a stream interface for buffering and less on direct buffer manipulation.
A Node.js Buffer list collector, reader and streamer thingy.
bl is a storage object for collections of Node Buffers, exposing them with the main Buffer readable API. Also works as a duplex stream so you can collect buffers from a stream that emits them and emit buffers to a stream that consumes them!
The original buffers are kept intact and copies are only done as necessary. Any reads that require the use of a single original buffer will return a slice of that buffer only (which references the same memory as the original buffer). Reads that span buffers perform concatenation as required and return the results transparently.
const { BufferList } = require('bl')
const bl = new BufferList()
bl.append(Buffer.from('abcd'))
bl.append(Buffer.from('efg'))
bl.append('hi') // bl will also accept & convert Strings
bl.append(Buffer.from('j'))
bl.append(Buffer.from([ 0x3, 0x4 ]))
console.log(bl.length) // 12
console.log(bl.slice(0, 10).toString('ascii')) // 'abcdefghij'
console.log(bl.slice(3, 10).toString('ascii')) // 'defghij'
console.log(bl.slice(3, 6).toString('ascii')) // 'def'
console.log(bl.slice(3, 8).toString('ascii')) // 'defgh'
console.log(bl.slice(5, 10).toString('ascii')) // 'fghij'
console.log(bl.indexOf('def')) // 3
console.log(bl.indexOf('asdf')) // -1
// or just use toString!
console.log(bl.toString()) // 'abcdefghij\u0003\u0004'
console.log(bl.toString('ascii', 3, 8)) // 'defgh'
console.log(bl.toString('ascii', 5, 10)) // 'fghij'
// other standard Buffer readables
console.log(bl.readUInt16BE(10)) // 0x0304
console.log(bl.readUInt16LE(10)) // 0x0403
Give it a callback in the constructor and use it just like concat-stream:
const { BufferListStream } = require('bl')
const fs = require('fs')
fs.createReadStream('README.md')
.pipe(BufferListStream((err, data) => { // note 'new' isn't strictly required
// `data` is a complete Buffer object containing the full data
console.log(data.toString())
}))
Note that when you use the callback method like this, the resulting data
parameter is a concatenation of all Buffer
objects in the list. If you want to avoid the overhead of this concatenation (in cases of extreme performance consciousness), then avoid the callback method and just listen to 'end'
instead, like a standard Stream.
Or to fetch a URL using hyperquest (should work with request and even plain Node http too!):
const hyperquest = require('hyperquest')
const { BufferListStream } = require('bl')
const url = 'https://raw.github.com/rvagg/bl/master/README.md'
hyperquest(url).pipe(BufferListStream((err, data) => {
console.log(data.toString())
}))
Or, use it as a readable stream to recompose a list of Buffers to an output source:
const { BufferListStream } = require('bl')
const fs = require('fs')
var bl = new BufferListStream()
bl.append(Buffer.from('abcd'))
bl.append(Buffer.from('efg'))
bl.append(Buffer.from('hi'))
bl.append(Buffer.from('j'))
bl.pipe(fs.createWriteStream('gibberish.txt'))
new BufferList([ buf ])
BufferList.isBufferList(obj)
bl.length
bl.append(buffer)
bl.get(index)
bl.indexOf(value[, byteOffset][, encoding])
bl.slice([ start[, end ] ])
bl.shallowSlice([ start[, end ] ])
bl.copy(dest, [ destStart, [ srcStart [, srcEnd ] ] ])
bl.duplicate()
bl.consume(bytes)
bl.toString([encoding, [ start, [ end ]]])
bl.readDoubleBE()
, bl.readDoubleLE()
, bl.readFloatBE()
, bl.readFloatLE()
, bl.readInt32BE()
, bl.readInt32LE()
, bl.readUInt32BE()
, bl.readUInt32LE()
, bl.readInt16BE()
, bl.readInt16LE()
, bl.readUInt16BE()
, bl.readUInt16LE()
, bl.readInt8()
, bl.readUInt8()
new BufferListStream([ callback ])
No arguments are required for the constructor, but you can initialise the list by passing in a single Buffer
object or an array of Buffer
objects.
new
is not strictly required, if you don't instantiate a new object, it will be done automatically for you so you can create a new instance simply with:
const { BufferList } = require('bl')
const bl = BufferList()
// equivalent to:
const { BufferList } = require('bl')
const bl = new BufferList()
Determines if the passed object is a BufferList
. It will return true
if the passed object is an instance of BufferList
or BufferListStream
and false
otherwise.
N.B. this won't return true
for BufferList
or BufferListStream
instances created by versions of this library before this static method was added.
Get the length of the list in bytes. This is the sum of the lengths of all of the buffers contained in the list, minus any initial offset for a semi-consumed buffer at the beginning. Should accurately represent the total number of bytes that can be read from the list.
append(buffer)
adds an additional buffer or BufferList to the internal list. this
is returned so it can be chained.
get()
will return the byte at the specified index.
get()
will return the byte at the specified index.
indexOf()
method returns the first index at which a given element can be found in the BufferList, or -1 if it is not present.
slice()
returns a new Buffer
object containing the bytes within the range specified. Both start
and end
are optional and will default to the beginning and end of the list respectively.
If the requested range spans a single internal buffer then a slice of that buffer will be returned which shares the original memory range of that Buffer. If the range spans multiple buffers then copy operations will likely occur to give you a uniform Buffer.
shallowSlice()
returns a new BufferList
object containing the bytes within the range specified. Both start
and end
are optional and will default to the beginning and end of the list respectively.
No copies will be performed. All buffers in the result share memory with the original list.
copy()
copies the content of the list in the dest
buffer, starting from destStart
and containing the bytes within the range specified with srcStart
to srcEnd
. destStart
, start
and end
are optional and will default to the beginning of the dest
buffer, and the beginning and end of the list respectively.
duplicate()
performs a shallow-copy of the list. The internal Buffers remains the same, so if you change the underlying Buffers, the change will be reflected in both the original and the duplicate. This method is needed if you want to call consume()
or pipe()
and still keep the original list.Example:
var bl = new BufferListStream()
bl.append('hello')
bl.append(' world')
bl.append('\n')
bl.duplicate().pipe(process.stdout, { end: false })
console.log(bl.toString())
consume()
will shift bytes off the start of the list. The number of bytes consumed don't need to line up with the sizes of the internal Buffers—initial offsets will be calculated accordingly in order to give you a consistent view of the data.
toString()
will return a string representation of the buffer. The optional start
and end
arguments are passed on to slice()
, while the encoding
is passed on to toString()
of the resulting Buffer. See the Buffer#toString() documentation for more information.
All of the standard byte-reading methods of the Buffer
interface are implemented and will operate across internal Buffer boundaries transparently.
See the Buffer
documentation for how these work.
BufferListStream is a Node Duplex Stream, so it can be read from and written to like a standard Node stream. You can also pipe()
to and from a BufferListStream instance.
The constructor takes an optional callback, if supplied, the callback will be called with an error argument followed by a reference to the bl instance, when bl.end()
is called (i.e. from a piped stream). This is a convenient method of collecting the entire contents of a stream, particularly when the stream is chunky, such as a network stream.
Normally, no arguments are required for the constructor, but you can initialise the list by passing in a single Buffer
object or an array of Buffer
object.
new
is not strictly required, if you don't instantiate a new object, it will be done automatically for you so you can create a new instance simply with:
const { BufferListStream } = require('bl')
const bl = BufferListStream()
// equivalent to:
const { BufferListStream } = require('bl')
const bl = new BufferListStream()
N.B. For backwards compatibility reasons, BufferListStream
is the default export when you require('bl')
:
const { BufferListStream } = require('bl')
// equivalent to:
const BufferListStream = require('bl')
bl is brought to you by the following hackers:
Copyright (c) 2013-2019 bl contributors (listed above).
bl is licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.
FAQs
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
The npm package bl receives a total of 29,505,236 weekly downloads. As such, bl popularity was classified as popular.
We found that bl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.