Convenience wrapper for ReadableStream, with an API lifted from "from" and "through2"
The 'from2' npm package is a utility for creating readable streams using a simple API. It is particularly useful for stream-based operations where data needs to be generated or transformed on the fly. The package simplifies the process of creating custom readable streams by handling the underlying Node.js stream mechanics.
Creating a readable stream from a data source
This feature allows you to create a readable stream that emits data from an array. The stream reads data from the array and pushes it to the consumer until there's no data left, at which point it signals the end of the stream.
const from2 = require('from2');
const data = ['hello', 'world'];
const stream = from2(function(size, next) {
  if (data.length === 0) return next(null, null);
  next(null, data.shift());
});
stream.on('data', (chunk) => {
  console.log(chunk.toString());
});
stream.on('end', () => {
  console.log('Stream ended');
});
Creating a stream from an asynchronous data source
This example demonstrates how to create a readable stream that reads data from a file asynchronously. The stream uses the 'fs.readFile' method to read data and then pushes it to the stream consumer.
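const from2 = require('from2');
const fs = require('fs');
// Tracks whether the file has already been emitted; without it, every
// read request would re-read the file and the stream would never end.
let done = false;
const stream = from2(function(size, next) {
  // Second and later requests: signal end of stream.
  if (done) return next(null, null);
  fs.readFile('/path/to/file.txt', (err, data) => {
    if (err) return next(err);
    done = true;
    next(null, data);
  });
});
stream.on('data', (chunk) => {
  console.log(chunk.toString());
});
stream.on('end', () => {
  console.log('Stream ended');
});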
Through2 is a tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise. It is similar to from2 but focuses more on transforming streams rather than creating readable streams from data sources.
This package is a mirror of the Streams2 and Streams3 implementations in Node-core. Similar to from2, it provides utilities for creating custom stream implementations but offers a broader API surface for handling both readable and writable streams.
from2 is a high-level module for creating readable streams that properly handle backpressure.
Convenience wrapper for readable-stream's ReadableStream base class, with an API lifted from from and through2.
stream = from2([opts], read)
Where opts are the options to pass on to the ReadableStream constructor, and read(size, next) is called when data is requested from the stream.
size is the recommended amount of data (in bytes) to retrieve.
next(err) should be called when you're ready to emit more data.
For example, here's a readable stream that emits the contents of a given string:
var from = require('from2')
function fromString(string) {
  return from(function(size, next) {
    // if there's no more content
    // left in the string, close the stream.
    if (string.length <= 0) return next(null, null)
    // Pull in a new chunk of text,
    // removing it from the string.
    var chunk = string.slice(0, size)
    string = string.slice(size)
    // Emit "chunk" from the stream.
    next(null, chunk)
  })
}
// pipe "hello world" out
// to stdout.
fromString('hello world').pipe(process.stdout)
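The read(size, next) contract and the backpressure behaviour described above can be observed with Node core alone. The following is an added sketch, not from2's source and not code from the original page: fromSketch, chunkedString and drainSync are hypothetical names, and the adapter is built on Node's built-in stream.Readable with a constructed sample string.

```javascript
const { Readable } = require('stream');

// Hypothetical helper, not from2's source: adapts a read(size, next)
// callback to Node's built-in Readable so the pull mechanics are visible.
function fromSketch(opts, read) {
  if (typeof opts === 'function') { read = opts; opts = {}; }
  const rs = new Readable(opts);
  rs._read = function (size) {
    // Readable calls _read only when its buffer is below highWaterMark,
    // so the producer runs on demand and never ahead of the consumer.
    read.call(rs, size, (err, chunk) => {
      if (err) return rs.destroy(err);
      rs.push(chunk); // pushing null ends the stream
    });
  };
  return rs;
}

// Emits a string in chunks no larger than the size hint and records
// every size the stream asked for.
function chunkedString(string, highWaterMark) {
  const requested = [];
  const rs = fromSketch({ highWaterMark, encoding: 'utf8' }, (size, next) => {
    requested.push(size);
    if (string.length === 0) return next(null, null);
    const chunk = string.slice(0, size);
    string = string.slice(size);
    next(null, chunk);
  });
  return { rs, requested };
}

// Pulls synchronously in paused mode; this works here only because the
// producer above calls next() synchronously.
function drainSync(rs) {
  const chunks = [];
  let chunk;
  while ((chunk = rs.read()) !== null) chunks.push(chunk);
  return chunks;
}

// Constructed sample input.
const { rs, requested } = chunkedString('hello world', 4);
console.log('producer calls before any read():', requested.length);
console.log('chunks:', drainSync(rs));
console.log('size hints received:', requested);
```

The size hint equals the stream's highWaterMark, and the final producer call is the one that returns null to end the stream.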
stream = from2.obj([opts], read)
Shorthand for from2({ objectMode: true }, read).
createStream = from2.ctor([opts], read)
If you're creating similar streams in quick succession you can improve performance by generating a stream constructor that you can reuse instead of creating one-off streams on each call.
Takes the same options as from2, instead returning a constructor which you can use to create new streams.
MIT. See LICENSE.md for details.
FAQs
The npm package from2 receives a total of 6,260,583 weekly downloads. As such, from2's popularity was classified as popular.
We found that from2 demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.