Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
The borsh npm package is a JavaScript implementation of the Binary Object Representation Serializer for Hashing (BORSH) serialization format. It is used to serialize and deserialize complex data structures in a compact binary format, which is particularly useful in blockchain and other performance-critical applications.
Serialization
This feature allows you to serialize JavaScript objects into a binary format. The code sample demonstrates how to define a schema for a class and serialize an instance of that class.
const borsh = require('borsh');

// Class whose instances will be serialized.
class Greeting {
  constructor({ message }) {
    this.message = message;
  }
}

// The schema maps each class to its Borsh layout: a struct with one string field.
const schema = new Map([
  [Greeting, { kind: 'struct', fields: [['message', 'string']] }]
]);

const greeting = new Greeting({ message: 'Hello, world!' });
const serialized = borsh.serialize(schema, greeting);
console.log(serialized);
Deserialization
This feature allows you to deserialize binary data back into JavaScript objects. The code sample shows how to deserialize a binary array into an instance of a class using a predefined schema.
const borsh = require('borsh');

class Greeting {
  constructor({ message }) {
    this.message = message;
  }
}

const schema = new Map([
  [Greeting, { kind: 'struct', fields: [['message', 'string']] }]
]);

// A Borsh string is a u32 little-endian byte length followed by the UTF-8 bytes.
// 'Hello, world!' is 13 bytes long, so the length prefix is 13, 0, 0, 0.
const serialized = new Uint8Array([13, 0, 0, 0, 72, 101, 108, 108, 111, 44, 32, 119, 111, 114, 108, 100, 33]);
const deserialized = borsh.deserialize(schema, Greeting, serialized);
console.log(deserialized);
protobufjs is a JavaScript implementation of Protocol Buffers, a language-neutral, platform-neutral, extensible mechanism for serializing structured data. It is similar to borsh in that it provides efficient serialization and deserialization of complex data structures, but it uses a different format and is more widely adopted in various industries.
msgpack-lite is a JavaScript implementation of the MessagePack serialization format. Like borsh, it provides a compact binary format for serializing and deserializing data. However, MessagePack is a more general-purpose format and is used in a variety of applications beyond blockchain.
avsc is a JavaScript library for working with Avro, a data serialization system. Avro is similar to borsh in that it provides a compact binary format for data serialization, but it also includes features for schema evolution and is widely used in big data applications.
Borsh JS is an implementation of the Borsh binary serialization format for JavaScript and TypeScript projects.
Borsh stands for Binary Object Representation Serializer for Hashing. It is meant to be used in security-critical projects, as it prioritizes consistency, safety, and speed, and comes with a strict specification.
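const borsh = require('borsh');
class Test { constructor(props) { Object.assign(this, props); } } // plain property holder
const value = new Test({ x: 255, y: 20, z: '123', q: [1, 2, 3] });
// 'q' is declared as [3]: a fixed-size byte array of length 3.
const schema = new Map([[Test, { kind: 'struct', fields: [['x', 'u8'], ['y', 'u64'], ['z', 'string'], ['q', [3]]] }]]);
const buffer = borsh.serialize(schema, value);
const newValue = borsh.deserialize(schema, Test, buffer);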
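The wire layout behind the `Greeting` byte array and the `Test` struct above, as an added example that is not borsh-js code: a hand-written strict writer and reader for a subset of Borsh types (u8, u64, string, fixed-size byte array). `encodeStruct` and `decodeStruct` are hypothetical names, and u64 comes back as a native BigInt rather than BN; the reader rejects truncated input, trailing bytes, and malformed UTF-8, which is what a parser of untrusted bytes needs.

```javascript
// Added example: minimal strict Borsh writer/reader (not borsh-js code).
// Supported field types: 'u8', 'u64', 'string', and [N] for a fixed-size byte array.
const utf8 = new TextDecoder('utf-8', { fatal: true }); // throw on malformed UTF-8

function encodeStruct(fields, obj) {
  const parts = [];
  for (const [name, type] of fields) {
    const v = obj[name];
    if (type === 'u8') {
      if (!Number.isInteger(v) || v < 0 || v > 0xff) throw new RangeError(`${name}: not a u8`);
      parts.push(Buffer.from([v]));
    } else if (type === 'u64') {
      const b = Buffer.alloc(8);
      b.writeBigUInt64LE(BigInt(v)); // throws if outside 0..2^64-1
      parts.push(b);
    } else if (type === 'string') {
      const body = Buffer.from(v, 'utf8');
      const len = Buffer.alloc(4);
      len.writeUInt32LE(body.length); // u32 little-endian length in bytes, not characters
      parts.push(len, body);
    } else if (Array.isArray(type)) {
      if (v.length !== type[0]) throw new RangeError(`${name}: expected ${type[0]} bytes`);
      parts.push(Buffer.from(v)); // fixed-size arrays carry no length prefix
    } else throw new TypeError(`unsupported type for ${name}`);
  }
  return Buffer.concat(parts);
}

function decodeStruct(fields, bytes) {
  const buf = Buffer.from(bytes);
  let off = 0;
  const take = (n) => { // bounds-checked read of the next n bytes
    if (n > buf.length - off) throw new RangeError(`need ${n} bytes at offset ${off}`);
    const s = buf.subarray(off, off + n);
    off += n;
    return s;
  };
  const out = {};
  for (const [name, type] of fields) {
    if (type === 'u8') out[name] = take(1)[0];
    else if (type === 'u64') out[name] = take(8).readBigUInt64LE();
    else if (type === 'string') out[name] = utf8.decode(take(take(4).readUInt32LE()));
    else if (Array.isArray(type)) out[name] = Uint8Array.from(take(type[0]));
    else throw new TypeError(`unsupported type for ${name}`);
  }
  // Every byte must be consumed, otherwise two different inputs would decode to one value.
  if (off !== buf.length) throw new RangeError(`${buf.length - off} trailing bytes`);
  return out;
}
```

Decoding the `Greeting` payload with a length prefix of 10 instead of 13 fails here with a trailing-bytes error instead of silently returning a shortened string.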
Borsh | TypeScript |
---|---|
u8 integer | number |
u16 integer | number |
u32 integer | number |
u64 integer | BN |
u128 integer | BN |
u256 integer | BN |
u512 integer | BN |
f32 float | N/A |
f64 float | N/A |
fixed-size byte array | Uint8Array |
UTF-8 string | string |
option | null or type |
map | N/A |
set | N/A |
structs | any |
Install dependencies:
yarn install
Continuously build with:
yarn dev
Run tests:
yarn test
Run linter:
yarn lint
Prepare dist version by running:
yarn build
When publishing to npm use np.
This repository is distributed under the terms of both the MIT license and the Apache License (Version 2.0). See LICENSE-MIT and LICENSE-APACHE for details.
FAQs
Binary Object Representation Serializer for Hashing
The npm package borsh receives a total of 312,768 weekly downloads. As such, borsh is classified as popular.
We found that borsh has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.