Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A node.js project that generates short videos using popular AI LLM.
A lightweight node.js project that utilizes the currently popular AI LLM in the industry to intelligently generate short videos. Without the need for complex configurations, simply input a short piece of text, and it can automatically synthesize an exciting video content.
npm install ffaivideo
Note: To run the preceding commands, Node.js and npm must be installed.
const { generateVideo } = require('ffaivideo');
generateVideo(
{
provider: 'g4f',
// Use the free g4f, or OpenAI, or Moonshot account
// provider: 'openai',
// openai: {
// apiKey: 'xxx',
// modelName: 'xxx',
// baseUrl: 'xxx',
// },
termsNum: 8,
subtitleMaxWidth: 9,
videoClipDuration: 12,
voiceName: 'zh-CN-YunjianNeural',
bgMusic: path.join(__dirname, './assets/songs/m1.mp3'),
output: path.join(__dirname, './output'),
pexels: {
apiKey: 'xxx',
},
videoScript: `
...Enter your text here
`,
},
progress => {
console.log(progress);
},
).then(videoPath => {
console.log(videoPath);
});
The current project already supports multiple AI LLM models such as OpenAI, Moonshot, Azure, g4f, Google Gemini, etc. to meet your different needs. If you want to introduce other AI LLM models, please fork this project and submit a Pull Request (PR) for us to evaluate and merge.
Before using this project, please make sure that you have applied for an API Key from the corresponding service provider. For example, if you plan to use GPT-4.0 or GPT-3.5, you need to make sure that you already have an API Key from OpenAI. In addition, you can also choose to use g4f, which is an open source library that provides free GPT usage services. Please note that although g4f is free, its service stability may fluctuate, and the usage experience may be good and bad from time to time. You can find its repository link on GitHub: https://github.com/xtekky/gpt4free.
In addition, as another option, you can apply for API services by visiting the Moonshot ai platform. After registration, you will immediately receive 15 of experience money, which is enough to support about 1,500 conversations. After successfully applying, you need to set the provider to moonshot and configure the corresponding apiKey to complete the project setup.
You need to configure apiKey, modelName and baseUrl. For azure ai, you also need to configure apiVersion.
openai: {
apiKey: 'xxxx',
modelName: 'gpt-4-turbo-preview',
baseUrl: 'https://api.openai.com/v1',
},
The video resources of this project use the Pexels website. Please visit https://www.pexels.com/api/new/ and follow the instructions to apply for a new API key so that you can use the rich materials provided by Pexels in your project.
FFAIVideo integrates Microsoft Edge's online text-to-speech service, powered by Microsoft Azure. Furthermore, it enables users to customize and set up their own app tokens for more flexible configuration and utilization of this service. As for the various voice options available for setup, you can find a detailed list in the following file within the GitHub repository: https://github.com/drawcall/FFAIVideo/blob/main/src/config/voice-config.ts. This way, you can select the most suitable voice according to your specific needs.
Since FFAIVideo relies on FFmpeg for its functionality, it is essential that you install a standard, well-maintained version of FFmpeg. This will ensure that FFAIVideo operates smoothly and without any compatibility issues.
Parameter name | Type | Default value | Description |
---|---|---|---|
provider | string | g4f | LLM Provider |
moonshot | LLMConfig | - | Moonshot configuration |
openai | LLMConfig | - | OpenAI configuration |
azure | LLMConfig | - | Azure configuration |
gemini | LLMConfig | - | Gemini configuration |
g4f | LLMConfig | - | G4F configuration |
customoAI | LLMConfig | - | custom ai configuration |
pexels | MaterialSite | - | Pexels material site |
videoScript | string | - | Script for generating videos |
videoTerms | string | string[] | - | Keywords for generating videos |
videoAspect | VideoAspect | undefined | Video aspect ratio, can be undefined by default |
videoClipDuration | number | 5 | Video clip duration, default is 5 seconds |
termsNum | number | 5 | Number of keywords |
output | string | - | Output path |
cacheDir | string | - | Cache directory |
voiceName | string | - | Voice name |
voiceVolume | number | 1.0 | Voice volume, default is 1.0 |
bgMusic | string | - | Background music |
bgMusicVolume | number | 0.5 | Background music volume, default is 0.2 |
fontsDir | string | - | Font directory |
fontSize | number | 24 | Font size |
fontName | string | - | Font name |
textColor | string | "#FFFFFF" | Text color, default is "#FFFFFF" |
strokeColor | string | "#000000" | Stroke color, default is "#000000" |
strokeWidth | number | - | Stroke width |
textBottom | number | 20 | Text bottom position |
subtitleMaxWidth | number | - | Maximum subtitle width |
debug | boolean | false | Debug mode |
lastTime | number | 5 | Last time |
materialFunc | function | null | A custom material synthesis |
removeCache | boolean | true | Whether to remove cache |
This project is inspired by and builds upon the open-source contributions from several notable repositories, including MoneyPrinterTurbo, MoneyPrinter, and MsEdgeTTS. We express our sincere gratitude to the original authors for their dedication to the open-source community and their innovative spirit.
FAQs
Unknown package
The npm package ffaivideo receives a total of 118 weekly downloads. As such, ffaivideo popularity was classified as not popular.
We found that ffaivideo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.