Latest Threat ResearchGlassWorm Loader Hits Open VSX via Developer Account Compromise.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

ddex-builder

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ddex-builder

DDEX XML builder with deterministic output and smart normalization

Source
npmnpm
Version
0.4.2
Version published
Weekly downloads
2
-71.43%
Maintainers
1
Weekly downloads
 
Created
Source

DDEX Builder - JavaScript/TypeScript Bindings

npm version Downloads Bundle Size TypeScript License: MIT

Generate deterministic, industry-compliant DDEX XML files from JavaScript/TypeScript with consistent reproducibility. Build DDEX messages with full TypeScript support, streaming capabilities, and partner-specific presets for major platforms.

Installation

npm install ddex-builder
# or
yarn add ddex-builder

Quick Start

TypeScript

import { DdexBuilder } from 'ddex-builder';

const builder = new DdexBuilder({ validate: true });

const releaseData = {
  messageHeader: {
    senderName: 'My Record Label',
    messageId: 'RELEASE_2024_001',
    sentDate: new Date('2024-01-15T10:30:00Z')
  },
  releases: [{
    releaseId: 'REL001',
    title: 'Amazing Album',
    mainArtist: 'Incredible Artist',
    labelName: 'My Record Label',
    releaseDate: '2024-02-01',
    genres: ['Pop', 'Electronic'],
    tracks: [{
      trackId: 'TRK001',
      title: 'Hit Song',
      position: 1,
      duration: 195,
      isrc: 'US1234567890',
      artists: ['Incredible Artist']
    }]
  }]
};

const xml = await builder.buildFromObject(releaseData, { version: '4.3' });
console.log('Generated DDEX XML:', xml.length, 'bytes');

Features

🎯 Deterministic Output

  • 100% reproducible XML generation with stable hash IDs
  • DB-C14N/1.0 canonicalization for deterministic consistency
  • Stable ordering ensures identical output across Node.js versions
  • Content-addressable resource IDs for reliable references

🌐 Cross-Platform Compatibility

  • Node.js 16+ with native addon performance
  • Browser support via optimized WASM bundle (<400KB)
  • TypeScript-first with comprehensive type definitions
  • ESM and CommonJS support for maximum compatibility

🏭 Industry Presets

  • YouTube Music: Content ID and monetization settings
  • Generic: Default preset for broad distributor compatibility

🚀 High Performance

  • Native Rust core with optimized Node.js bindings
  • Streaming generation for large catalogs (>10,000 tracks)
  • Memory-efficient processing with configurable limits
  • Async/await throughout with proper backpressure handling

🔒 Built-in Validation

  • Real-time DDEX schema validation with detailed error messages
  • Business rule enforcement for industry compliance
  • Reference integrity checking across the entire message
  • Territory and rights validation with suggestion engine

Performance Benchmarks

Performance comparison in different environments:

Node.js (Native Addon)

Dataset SizeBuild TimeMemory UsageOutput SizeThroughput
Single release (10 tracks)3ms8MB25KB333 releases/sec
Album catalog (100 releases)25ms35MB2.5MB40 releases/sec
Label catalog (1000 releases)180ms120MB25MB5.6 releases/sec
Large catalog (10000 releases)1.8s300MB250MB5.6 releases/sec

Browser (WASM)

Dataset SizeBuild TimeMemory UsageBundle Impact
Single release8ms12MB394KB (gzipped)
Small catalog (50 releases)85ms25MBNo additional
Medium catalog (500 releases)650ms80MBNo additional

Memory usage remains constant with streaming mode regardless of dataset size.

Round-Trip Compatibility

Perfect integration with ddex-parser for complete workflows:

import { DdexParser } from 'ddex-parser';
import { DdexBuilder } from 'ddex-builder';

// Parse existing DDEX file
const parser = new DdexParser();
const original = await parser.parseFile('input.xml');

// Modify specific fields
const modified = { ...original.flattened };
modified.releases[0].title = 'Remastered Edition';

// Build new deterministic XML
const builder = new DdexBuilder({ canonical: true });
const newXml = await builder.buildFromFlattened(modified);

// Perfect round-trip fidelity guaranteed
const reparsed = await parser.parseString(newXml);
console.assert(reparsed.releases[0].title === 'Remastered Edition');

Security

v0.4.0 includes comprehensive security enhancements:

  • Zero unsafe code, comprehensive input validation
  • Supply chain security with cargo-deny and SBOM
  • Memory-bounded processing with configurable limits
  • Built-in validation prevents malformed output
  • Deterministic generation prevents injection attacks

License

This project is licensed under the MIT License - see the LICENSE file for details.

Related Projects

Built with ❤️ for the music industry. Powered by Rust + TypeScript for deterministic, type-safe DDEX generation.

Keywords

ddex
xml
builder
music
deterministic
canonicalization

FAQs

Package last updated on 17 Sep 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Next Open Source Security Race: Triage at Machine Speed

Security News

The Next Open Source Security Race: Triage at Machine Speed

Claude Opus 4.6 has uncovered more than 500 open source vulnerabilities, raising new considerations for disclosure, triage, and patching at scale.

By Sarah Gooding  -  Feb 06, 2026
Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

Research

/

Security News

Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

Malicious dYdX client packages were published to npm and PyPI after a maintainer compromise, enabling wallet credential theft and remote code execution.

By Kush Pandya  -  Feb 06, 2026