Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
fonteditor-core
Advanced tools
fonteditor-core
fonts (ttf, woff, woff2, eot, svg, otf) parse, write, transform, glyph adjust.
fonteditor-core
FontEditor core functions
Feature
Read and write sfnt font like ttf, woff, woff2, eot, svg, otf.
- sfnt parse
- read, write, transform fonts
- ttf (read and write)
- woff (read and write)
- woff2 (read and write)
- eot (read and write)
- svg (read and write)
- otf (only read and convert to ttf)
- ttf glyph adjust
- svg to glyph
Usage
// read font file
import {Font} from 'fonteditor-core';
import fs from 'fs';
const buffer = fs.readFileSync('font.ttf');
// read font data, support format:
// - for ttf, otf, woff, woff2, support ArrayBuffer, Buffer
// - for svg, support string or Document(parsed svg)
const font = Font.create(buffer, {
// support ttf, woff, woff2, eot, otf, svg
type: 'ttf',
// only read `a`, `b` glyphs
subset: [65, 66],
// read font hinting tables, default false
hinting: true,
// read font kerning tables, default false
kerning: true,
// transform ttf compound glyph to simple
compound2simple: true,
// inflate function for woff
inflate: undefined,
// for svg path
combinePath: false,
});
const fontObject = font.get();
console.log(Object.keys(fontObject));
/* => [ 'version',
'numTables',
'searchRenge',
'entrySelector',
'rengeShift',
'head',
'maxp',
'glyf',
'cmap',
'name',
'hhea',
'post',
'OS/2',
'fpgm',
'cvt',
'prep'
]
*/
// write font file
const buffer = font.write({
// support ttf, woff, woff2, eot, svg
type: 'woff',
// save font hinting tables, default false
hinting: false,
// save font kerning tables, default false
kerning: false,
// write glyf data when simple glyph has no contours, default false
writeZeroContoursGlyfData: false,
// deflate function for woff, eg. pako.deflate
deflate: undefined,
// for user to overwrite head.xMin, head.xMax, head.yMin, head.yMax, hhea etc.
support: {head: {}, hhea: {}}
});
fs.writeFileSync('font.woff', buffer);
// to base64 str
font.toBase64({
// support ttf, woff, woff2, eot, svg
type: 'ttf'
});
// optimize glyphs
font.optimize()
// compound2simple
font.compound2simple()
// sort glyphs
font.sort()
// find glyphs
const result = font.find({
unicode: [65]
});
const result = font.find({
filter: function (glyf) {
return glyf.name === 'icon'
}
});
// merge another font object
font.merge(font1, {
scale: 1
});
woff2
Notice: woff2 use wasm build of google woff2, before read and write woff2, we should first call woff2.init().
import {Font, woff2} from 'fonteditor-core';
// in nodejs
woff2.init().then(() => {
// read woff2
const font = Font.create(buffer, {
type: 'woff2'
});
// write woff2
const buffer = font.write({type: 'woff2'});
});
// in browser
woff2.init('/assets/woff2.wasm').then(() => {
// read woff2
const font = Font.createEmpty();
// write woff2
const arrayBuffer = font.write({type: 'woff2'});
});
Demo
npm run dev
build
npm run build
test
npm run test
support
Node.js:>= 12.0
Browser: Chrome, Safari
Related
License
MIT © Fonteditor
FAQs
fonts (ttf, woff, woff2, eot, svg, otf) parse, write, transform, glyph adjust.
The npm package fonteditor-core receives a total of 18,212 weekly downloads. As such, fonteditor-core popularity was classified as popular.
We found that fonteditor-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 17 Jul 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025