You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



Compound File Binary File Format extractor

Version published

Package description

What is cfb?

The cfb npm package is a library designed for handling CFB (Compound File Binary) files, also known as Microsoft Compound Document File Format. This format is commonly used in older Microsoft Office documents like .doc, .xls, and .ppt files. The package allows for the creation, manipulation, and extraction of data from these files.

What are cfb's main functionalities?

Reading CFB files

This code demonstrates how to read a CFB file from the filesystem. It uses the `read` method of the cfb package to load a file named 'test.xls' and logs the resulting data structure to the console.

const CFB = require('cfb');
const cfb ='test.xls', {type: 'file'});

Creating CFB files

This example shows how to create a new CFB file with a file named 'newfile.txt' inside it. It demonstrates creating a new CFB structure, adding a file to it, and then writing the CFB structure to a file named 'output.cfb'.

const CFB = require('cfb');
const cfb = CFB.utils.cfb_new();
CFB.utils.cfb_add(cfb, 'newfile.txt', new Uint8Array([1, 2, 3, 4, 5]));
CFB.write(cfb, 'output.cfb');

Extracting files from CFB containers

This snippet illustrates how to extract a file from a CFB container. It reads a CFB file named 'container.cfb', searches for a file named '/WordDocument' within the container, and logs its content.

const CFB = require('cfb');
const cfb ='container.cfb', {type: 'file'});
const fileContent = CFB.find(cfb, '/WordDocument');

Other packages similar to cfb



Container File Blobs

Pure JS implementation of various container file formats, including ZIP and CFB.

Build Status Coverage Status Dependencies Status NPM Downloads Analytics


In the browser:

<script src="dist/cfb.min.js" type="text/javascript"></script>

With npm:

$ npm install cfb

The xlscfb.js file is designed to be embedded in js-xlsx

Library Usage

In node:

var CFB = require('cfb');

For example, to get the Workbook content from an Excel 2003 XLS file:

var cfb =, {type: 'file'});
var workbook = CFB.find(cfb, 'Workbook');
var data = workbook.content;

Command-Line Utility Usage

The cfb-cli module ships with a CLI tool for manipulating and inspecting supported files.


TypeScript definitions are maintained in types/index.d.ts.

The CFB object exposes the following methods and properties:

CFB.parse(blob) takes a nodejs Buffer or an array of bytes and returns an parsed representation of the data., opts) wraps parse.

CFB.find(cfb, path) performs a case-insensitive match for the path (or file name, if there are no slashes) and returns an entry object or null if not found.

CFB.write(cfb, opts) generates a file based on the container.

CFB.writeFile(cfb, filename, opts) creates a file with the specified name.

Parse Options takes an options argument. opts.type controls the behavior:

typeexpected input
"base64"string: Base64 encoding of the file
"binary"string: binary string (byte n is data.charCodeAt(n))
"buffer"nodejs Buffer
"file"string: path of file that will be read (nodejs only)
(default)buffer or array of 8-bit unsigned int (byte n is data[n])

Write Options

CFB.write and CFB.writeFile take options argument.

opts.type controls the behavior:

"base64"string: Base64 encoding of the file
"binary"string: binary string (byte n is data.charCodeAt(n))
"buffer"nodejs Buffer
"file"string: path of file that will be created (nodejs only)
(default)buffer if available, array of 8-bit unsigned int otherwise

opts.fileType controls the output file type:

'cfb' (default)CFB container
'zip'ZIP file
'mad'MIME aggregate document

opts.compression enables DEFLATE compression for ZIP file type.

Utility Functions

The utility functions are available in the CFB.utils object. Functions that accept a name argument strictly deal with absolute file names:

  • .cfb_new(?opts) creates a new container object.
  • .cfb_add(cfb, name, ?content, ?opts) adds a new file to the cfb. Set the option {unsafe:true} to skip existence checks (for bulk additions)
  • .cfb_del(cfb, name) deletes the specified file
  • .cfb_mov(cfb, old_name, new_name) moves the old file to new path and name
  • .use_zlib(require("zlib")) loads a nodejs zlib instance.

By default, the library uses a pure JS inflate/deflate implementation. NodeJS zlib.InflateRaw exposes the number of bytes read in versions after 8.11.0. If a supplied zlib does not support the required features, a warning will be displayed in the console and the pure JS fallback will be used.

Container Object Description

The objects returned by parse and read have the following properties:

  • .FullPaths is an array of the names of all of the streams (files) and storages (directories) in the container. The paths are properly prefixed from the root entry (so the entries are unique)

  • .FileIndex is an array, in the same order as .FullPaths, whose values are objects following the schema:

interface CFBEntry {
  name: string; /** Case-sensitive internal name */
  type: number; /** 1 = dir, 2 = file, 5 = root ; see [MS-CFB] 2.6.1 */
  content: Buffer | number[] | Uint8Array; /** Raw Content */
  ct?: Date; /** Creation Time */
  mt?: Date; /** Modification Time */
  ctype?: String; /** Content-Type (for MAD) */


Please consult the attached LICENSE file for details. All rights not explicitly granted by the Apache 2.0 License are reserved by the Original Author.




Package last updated on 06 Apr 2022

Did you know?


Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog


Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc