
fonteditor-core
fonts (ttf, woff, woff2, eot, svg, otf) parse, write, transform, glyph adjust.
FontEditor core functions
Read and write sfnt font like ttf, woff, woff2, eot, svg, otf.
// read font file
import {Font} from 'fonteditor-core';
import fs from 'fs';

const buffer = fs.readFileSync('font.ttf');
// read font data, support format:
// - for ttf, otf, woff, woff2, support ArrayBuffer, Buffer
// - for svg, support string or Document(parsed svg)
const font = Font.create(buffer, {
  // support ttf, woff, woff2, eot, otf, svg
  type: 'ttf',
  // only read `a`, `b` glyphs
  subset: [65, 66],
  // read font hinting tables, default false
  hinting: true,
  // read font kerning tables, default false
  kerning: true,
  // transform ttf compound glyph to simple
  compound2simple: true,
  // inflate function for woff
  inflate: undefined,
  // for svg path
  combinePath: false,
});
const fontObject = font.get();
console.log(Object.keys(fontObject));
/* => [ 'version',
  'numTables',
  'searchRenge',
  'entrySelector',
  'rengeShift',
  'head',
  'maxp',
  'glyf',
  'cmap',
  'name',
  'hhea',
  'post',
  'OS/2',
  'fpgm',
  'cvt',
  'prep'
  ]
*/

// write font file (named woffBuffer so it does not redeclare `buffer` above)
const woffBuffer = font.write({
  // support ttf, woff, woff2, eot, svg
  type: 'woff',
  // save font hinting tables, default false
  hinting: false,
  // save font kerning tables, default false
  kerning: false,
  // write glyf data when simple glyph has no contours, default false
  writeZeroContoursGlyfData: false,
  // deflate function for woff, eg. pako.deflate
  deflate: undefined,
  // for user to overwrite head.xMin, head.xMax, head.yMin, head.yMax, hhea etc.
  support: {head: {}, hhea: {}}
});
fs.writeFileSync('font.woff', woffBuffer);

// to base64 str
font.toBase64({
  // support ttf, woff, woff2, eot, svg
  type: 'ttf'
});

// optimize glyphs
font.optimize();

// compound2simple
font.compound2simple();

// sort glyphs
font.sort();

// find glyphs by unicode
const result = font.find({
  unicode: [65]
});

// find glyphs with a filter function
const filtered = font.find({
  filter: function (glyf) {
    return glyf.name === 'icon';
  }
});

// merge another font object
font.merge(font1, {
  scale: 1
});
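When the buffer handed to Font.create comes from an upload or another untrusted source, a cheap structural check before parsing is worthwhile. The following is an added example, not code from fonteditor-core: it checks the sfnt header fields listed in the output above and the bounds of every table record in a raw ttf/otf Node.js Buffer. checkSfntDirectory and sampleFont are hypothetical names, and woff, woff2, eot and svg inputs use different containers and are out of scope.

```javascript
// Added example, not part of fonteditor-core; function names are hypothetical.
const SFNT_VERSIONS = new Set([0x00010000, 0x4f54544f, 0x74727565]); // TrueType, 'OTTO', 'true'
function checkSfntDirectory(buf) {
  if (buf.length < 12) return {tables: [], errors: ['shorter than the 12-byte sfnt header']};
  const errors = [];
  const numTables = buf.readUInt16BE(4);
  const header = {
    version: buf.readUInt32BE(0),
    numTables,
    searchRange: buf.readUInt16BE(6),
    entrySelector: buf.readUInt16BE(8),
    rangeShift: buf.readUInt16BE(10),
  };
  if (!SFNT_VERSIONS.has(header.version)) errors.push('unrecognised sfnt version');
  const dirEnd = 12 + 16 * numTables; // header plus one 16-byte record per table
  if (numTables === 0 || dirEnd > buf.length) {
    errors.push('table directory does not fit in the buffer');
    return {...header, tables: [], errors};
  }
  // The three search fields are pure functions of numTables.
  const entrySelector = 31 - Math.clz32(numTables); // floor(log2(numTables))
  const searchRange = 16 * 2 ** entrySelector;
  if (header.entrySelector !== entrySelector || header.searchRange !== searchRange ||
      header.rangeShift !== 16 * numTables - searchRange) {
    errors.push('search fields inconsistent with numTables');
  }
  const tables = [];
  for (let i = 0; i < numTables; i++) {
    const p = 12 + 16 * i; // record layout: tag, checksum, offset, length (4 bytes each)
    const tag = buf.toString('latin1', p, p + 4);
    const offset = buf.readUInt32BE(p + 8);
    const length = buf.readUInt32BE(p + 12);
    if (offset < dirEnd || offset + length > buf.length) errors.push(`table '${tag}' points outside the file`);
    tables.push({tag, offset, length});
  }
  return {...header, tables, errors};
}

// Constructed sample: header plus one 'head' record whose data starts at offset 28.
function sampleFont(tableLength) {
  const buf = Buffer.alloc(32); // entrySelector and rangeShift stay 0, correct for one table
  buf.writeUInt32BE(0x00010000, 0);
  buf.writeUInt16BE(1, 4);   // numTables
  buf.writeUInt16BE(16, 6);  // searchRange
  buf.write('head', 12, 'latin1');
  buf.writeUInt32BE(28, 20); // table offset
  buf.writeUInt32BE(tableLength, 24);
  return buf;
}
```

Reject the input when errors is non-empty, for example when sampleFont(0xffff) declares a table longer than the file, and only then pass the buffer to Font.create.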
Notice: woff2 uses the wasm build of Google woff2. Before reading or writing woff2, first call woff2.init().
import {Font, woff2} from 'fonteditor-core';

// in nodejs (`buffer` holds the bytes of a woff2 file)
woff2.init().then(() => {
  // read woff2
  const font = Font.create(buffer, {
    type: 'woff2'
  });
  // write woff2 (a separate name avoids shadowing `buffer` before it is read)
  const woff2Buffer = font.write({type: 'woff2'});
});

// in browser
woff2.init('/assets/woff2.wasm').then(() => {
  // read woff2
  const font = Font.createEmpty();
  // write woff2
  const arrayBuffer = font.write({type: 'woff2'});
});
npm run dev
npm run build
npm run test
Node.js: >= 12.0
Browser: Chrome, Safari
MIT © Fonteditor
FAQs
The npm package fonteditor-core receives a total of 18,212 weekly downloads. As such, fonteditor-core popularity was classified as popular.
We found that fonteditor-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.