bufferutil
The bufferutil package is a Node.js utility module that provides efficient buffer operations. It is primarily used to enhance the performance of binary data manipulation by providing a native addon for buffer operations which are faster than pure JavaScript implementations.
Masking and unmasking WebSocket frames
This feature allows you to mask and unmask data according to the WebSocket protocol, which is useful for WebSocket frame manipulation.
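const bufferUtil = require('bufferutil');
const buffer = Buffer.from('Hello World');
const mask = Buffer.from([0x12, 0x34, 0x56, 0x78]);
const masked = Buffer.alloc(buffer.length);
// mask(source, mask, output, offset, length) writes the masked bytes into `output`.
bufferUtil.mask(buffer, mask, masked, 0, buffer.length);
// unmask(buffer, mask) modifies `buffer` in place.
bufferUtil.unmask(masked, mask);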
Buffer concatenation
This feature provides a method to concatenate multiple buffers into a single buffer efficiently.
// The bufferutil API documented on this page is mask and unmask only,
// so this uses Node's built-in Buffer.concat.
const buffers = [Buffer.from('Hello'), Buffer.from(' '), Buffer.from('World')];
const concatenated = Buffer.concat(buffers);
Buffer comparison
This feature allows you to compare two buffers for equality, which is faster than comparing them byte-by-byte in JavaScript.
// The bufferutil API documented on this page is mask and unmask only,
// so this uses Node's built-in Buffer#equals.
const buffer1 = Buffer.from('Hello');
const buffer2 = Buffer.from('Hello');
const isEqual = buffer1.equals(buffer2);
The 'ws' package is a WebSocket client and server implementation for Node.js. It includes a built-in buffer utility for masking and unmasking WebSocket frames, similar to bufferutil, but it is a more comprehensive solution for working with WebSockets.
The 'buffer' package is a Node.js core module that provides a way to handle binary data. It includes methods for manipulating buffers but does not have the native performance optimizations that bufferutil offers.
The 'buffers' package provides a way to work with collections of Node.js Buffer objects. It offers buffer manipulation capabilities like concatenation and slicing, but it does not focus on WebSocket frame manipulation or the native performance enhancements found in bufferutil.
bufferutil is what makes ws fast. It provides some utilities to efficiently perform some operations such as masking and unmasking the data payload of WebSocket frames.
npm install bufferutil --save-optional
The --save-optional flag tells npm to save the package in your package.json under the optionalDependencies key.
The module exports two functions. To maximize performance, parameters are not validated. It is the caller's responsibility to ensure that they are correct.
bufferUtil.mask(source, mask, output, offset, length)
Masks a buffer using the given masking-key as specified by the WebSocket protocol.
- source - The buffer to mask.
- mask - A buffer representing the masking-key.
- output - The buffer where to store the result.
- offset - The offset at which to start writing.
- length - The number of bytes to mask.

'use strict';
const bufferUtil = require('bufferutil');
const crypto = require('crypto');
const source = crypto.randomBytes(10);
const mask = crypto.randomBytes(4);
bufferUtil.mask(source, mask, source, 0, source.length);
bufferUtil.unmask(buffer, mask)
Unmasks a buffer using the given masking-key as specified by the WebSocket protocol.
- buffer - The buffer to unmask.
- mask - A buffer representing the masking-key.

'use strict';
const bufferUtil = require('bufferutil');
const crypto = require('crypto');
const buffer = crypto.randomBytes(10);
const mask = crypto.randomBytes(4);
bufferUtil.unmask(buffer, mask);
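Because the module does not validate its parameters, a caller that passes untrusted lengths or offsets should check them first. The wrapper below is an added example, not code from the bufferutil project: `safeMask`, `safeUnmask`, `assertKey` and the pure-JS `fallback` are hypothetical names, and the 4-byte key length is taken from the WebSocket protocol's 32-bit masking-key.

```javascript
'use strict';

// Pure-JS reference with the documented semantics; used when the native
// addon is not installed (bufferutil is an optional dependency).
const fallback = {
  mask(source, mask, output, offset, length) {
    for (let i = 0; i < length; i++) output[offset + i] = source[i] ^ mask[i & 3];
  },
  unmask(buffer, mask) {
    for (let i = 0; i < buffer.length; i++) buffer[i] ^= mask[i & 3];
  },
};

let impl = fallback;
try {
  impl = require('bufferutil');
} catch (err) {
  // Addon (or require itself) unavailable: keep the fallback.
}

function assertKey(mask) {
  if (!Buffer.isBuffer(mask) || mask.length !== 4) {
    throw new TypeError('masking-key must be a 4-byte Buffer');
  }
}

// Hypothetical wrapper: rejects arguments outside the buffers' bounds
// before they reach the unvalidated call.
function safeMask(source, mask, output, offset, length) {
  if (!Buffer.isBuffer(source) || !Buffer.isBuffer(output)) {
    throw new TypeError('source and output must be Buffers');
  }
  assertKey(mask);
  if (!Number.isInteger(offset) || !Number.isInteger(length) || offset < 0 || length < 0) {
    throw new RangeError('offset and length must be non-negative integers');
  }
  if (length > source.length || offset + length > output.length) {
    throw new RangeError('length exceeds source or output bounds');
  }
  impl.mask(source, mask, output, offset, length);
  return output;
}

// Hypothetical wrapper: unmasks in place after checking both arguments.
function safeUnmask(buffer, mask) {
  if (!Buffer.isBuffer(buffer)) throw new TypeError('buffer must be a Buffer');
  assertKey(mask);
  impl.unmask(buffer, mask);
  return buffer;
}
```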
FAQs
WebSocket buffer utils
The npm package bufferutil receives a total of 1,671,042 weekly downloads. As such, bufferutil popularity was classified as popular.
We found that bufferutil demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.