
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
extract-zip
Advanced tools
The extract-zip npm package is a cross-platform library that allows users to extract the contents of ZIP archives. It provides a simple API to unzip files and directories, supporting both callback and promise-based workflows.
Extract entire ZIP archive
This feature allows users to extract all contents of a ZIP file to a specified directory. The code sample demonstrates how to use the package with async/await to extract an archive.
const extract = require('extract-zip');
async function extractZip(zipPath, outputPath) {
try {
await extract(zipPath, { dir: outputPath });
console.log('Extraction complete');
} catch (err) {
console.error('An error occurred:', err);
}
}
extractZip('path/to/archive.zip', 'path/to/extract');
Extract ZIP archive with options
This feature allows users to extract a ZIP file with additional options, such as providing a callback for each entry. The code sample shows how to skip a specific file during extraction.
const extract = require('extract-zip');
extract('path/to/archive.zip', { dir: 'path/to/extract', onEntry: (entry, zipfile) => {
if (entry.fileName === 'unwanted_file.txt') {
zipfile.readEntry();
}
}}, function (err) {
if (err) {
console.error('Error extracting zip', err);
return;
}
console.log('Extraction part of zip complete');
});
adm-zip is a JavaScript implementation for zip data compression for NodeJS. It provides functionalities to read and write zip files, similar to extract-zip, but also includes the ability to create zip files, which extract-zip does not offer.
unzipper is a small and fast streaming unzipper for NodeJS with added support for piping, which can be useful in scenarios where you want to process files as they are extracted. It is an alternative to extract-zip with a focus on streaming and parsing zip files.
yauzl is another NodeJS library for reading and extracting zip files. It aims to be a low-level and high-performance library for zip file I/O, and it's what extract-zip uses under the hood. Unlike extract-zip, yauzl does not provide a high-level API for extraction, requiring more boilerplate code to achieve similar results.
Unzip written in pure JavaScript. Extracts a zip into a directory. Available as a library or a command line program.
Uses the yauzl
ZIP parser.
Make sure you have Node 10 or greater installed.
Get the library:
npm install extract-zip --save
Install the command line program:
npm install extract-zip -g
const extract = require('extract-zip')
async function main () {
try {
await extract(source, { dir: target })
console.log('Extraction complete')
} catch (err) {
// handle any errors
}
}
dir
(required) - the path to the directory where the extracted files are writtendefaultDirMode
- integer - Directory Mode (permissions), defaults to 0o755
defaultFileMode
- integer - File Mode (permissions), defaults to 0o644
onEntry
- function - if present, will be called with (entry, zipfile)
, entry is every entry from the zip file forwarded from the entry
event from yauzl. zipfile
is the yauzl
instanceDefault modes are only used if no permissions are set in the zip file.
extract-zip foo.zip <targetDirectory>
If not specified, targetDirectory
will default to process.cwd()
.
FAQs
unzip a zip file into a directory using 100% javascript
We found that extract-zip demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.