Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
This software wraps popular LibGD graphics library into Node.JS module which helps interpreting graphics inside Node.JS. Rather than writing dozens of native codes, this software uses `ffi` to wrap libgd api methods into JavaScript functions.
This software wraps popular LibGD graphics library into Node.JS module which helps interpreting graphics inside Node.JS.
Rather than writing dozens of native codes, this software uses ffi
to wrap libgd api methods into JavaScript functions.
gdimage
requires ref
and node-ffi
which are native modules, so you need a C++ compiler (gcc, llvm, msvc etc.)
before installing it.
Also, GD native library is required. In Linux / OSX, you can install it with a package manager
npm install gdimage
(sudo) apt-get install libgd3 # in debian/ubuntu
(sudo) yum install gd # in fedora/centos
brew install gd # in osx
In Windows, you need to download and install libgd
manually, see Gd for Windows
Usage example:
var gd = require('gdimage');
var image = gd.create(200, 100);
var white = image.allocateColor('#ffffff'),
red = image.allocateColor('#ff0000');
image.fill(0, 0, 200, 100, white);
image.line(0, 0, 200, 100, red, true);
var buf = image.encode('png');
require('fs').writeFileSync('out.png', buf);
function create(int width, int height, boolean trueColor = true): GDImage
Creates a new GDImage
instance.
When trueColor
set to true
, the image is in TrueColor mode, the total color count is unlimited.
Parameters:
width
the image width, in pixelsheight
the image height, in pixelstrueColor
whether TrueColor mode is enabled, default to true.Returns:
a new GDImage
instance
function decode(Buffer buf, string format = 'auto'): GDImage
Decodes a image file content into a GDImage instance.
Parameters:
buf
a buffer that contains file content.format
a string or mime type denoting the format of the image. The format name is case insensitive.
When set to 'auto'
, the file format is guessed by the file head. Supported image formats are:
bmp
image/bmp
application/x-ms-bmp
application/x-bmp
jpg
jpe
jpeg
jfif
jfi
jif
image/jpeg
gif
image/gif
png
image/png
tiff
tif
image/tiff
Returns:
a GDImage
instance, which maybe TrueColor or not, depending on the file format.
function trueColor(r, g, b, a): Color
function trueColor(string rgb): Color
function trueColor(string rgba): Color
Resolves a 32 bit RGBA true color. trueColor
accepts several types of arguments:
gd.trueColor('#RRGGBB')
, where 'RRGGBB' is hex color codes. For Example #FF0000
denotes red
gd.trueColor('#RRGGBBAA')
gd.trueColor(r, g, b)
, where r
, g
, b
are digits between 0
~ 255
gd.trueColor(r, g, b, a)
, where a
is a number between 0
and 1
So gd.trueColor('#ff00ff')
is equivalent to gd.trueColor('#ff00ffff')
, as well as gd.trueColor(255, 0, 255, 1)
A GDImage
object wraps a native libgd image instance, and wraps several native methods into javascript functions
which helps us working with it. Methods and fields available are as follows.
int
GDImage::width, int
GDImage::heightthe width and height of the image, in pixels.
function toTrueColor(): GDImage
Converts a platte image to true color. Calling this on a true color image has no effects.
Returns the GDImage itself.
function destroy()
Destroys the image, frees memories and resources. A GDImage
must be freed manually to prevent memory leak.
function allocateColor(r, g, b, a): Color
Allocates a color in the color space. image.allocateColor
accepts same arguments as gd.trueColor
.
If the image is in true color mode, image.allocateColor
acts like gd.trueColor
.
If the image is in platte mode, for example it is decoded from a PNG8
or GIF
file, the color allocation
may fail because the color platte cannot have more colors. To prevent the potential failure, you can
image.toTrueColor()
.image.getClosestColor(rgba)
image.resolveColor(rgba)
function getColor(int r, int g, int b, int a = 1): Color
function getColor(string rgb): Color
function getColor(string rgba): Color
Gets an existing color from the color space. If none matching, an exception is thrown.
Not that image.GetColor
acts like gd.trueColor
in true color mode, it will never fail.
Gets an existing color closest to the rgba value from the color space.
Not that image.GetColor
acts like gd.trueColor
in true color mode, it will never fail.
This method will always return a color instance. First it tries to find a matching color, if none matching, it tries to allocate a new color. If both failed, it returns a closest color from the color space.
Not that image.GetColor
acts like gd.trueColor
in true color mode, it will never fail.
function scale(int new_width, int new_height, boolean auto_destroy = false): GDImage
Scales the image into new size. If auto_destroy is set to true, the current image is destroyed after the it is scaled.
Returns a new GDImage
created.
function rotate(float angle, Color bg_color = null, boolean auto_close = false): GDImage
Rotates the image clockwise. angle
shold be between 0~360
. When angle
is not 90
180
270
, the bg_color
is used
to fill the empty.
Returns a new GDImage
created.
function line(int x1, int y1, int x2, int y2, Color color, boolean anti_aliased = false): GDImage
Draws a solid line from (x1, y1)
to (x2, y2)
. If anti_aliased
is set to true, anti-aliasing is enabled
Returns the GDImage itself.
function text(string str, int x, int y, double size, Color color, double angle = 0, string font = "arial"): GDImage
Writes text with true type font, returns a rect which wraps the text.
Parameters:
str
text to writex
y
start coordinate of the baselinesize
text size in dots/pixelscolor
foreground colorangle
angle of baseline, in degreesfont
name/path of font, such as arial
times
courier
, or Symbol.ttf
, or /System/Library/Fonts/Symbol.ttf
etc. You can supply multi names with ;
Returns an array of 4 digits denoting an rectangle of the bounds: [x, y, w, h]
In Windows, check C:\WINDOWS\FONTS
C:\WINNT\FONTS
for files named *.ttf
.
In Unix/Linux, check /usr/share/fonts/TrueType
/usr/lib/X11/fonts
etc.
In Mac/OSX, check /Library/Fonts
/System/Library/Fonts
.
Note that modern os uses ttc
file format which is not supported by libgd.
If you want to use some fonts that the os does not supply, you should download and install the font files
in ttf
format or put them in your project directory and specify the font path as below.
To use custom font paths, you can supply an environment variable with the paths, separated with :
or;
# in posix shell:
GDFONTPATH="/Users/kyrios.li/fonts:/Library/Fonts" node start
# in windows cmd:
set GDFONTPATH="C:\\Users\\kyrios.li\\fonts;C:\\Windows\\Fonts"
Or just set the font path in node.js:
process.env.GDFONTPATH = require('path').resolve(__dirname, 'fonts') + ':/Library/Fonts';
function encode(string format, boolean auto_close = false): Buffer
Encodes the image into image file content. Supported formats are:
bmp
png
jpg
jpeg
gif
tiff
Webp
FAQs
This software wraps popular LibGD graphics library into Node.JS module which helps interpreting graphics inside Node.JS. Rather than writing dozens of native codes, this software uses `ffi` to wrap libgd api methods into JavaScript functions.
We found that gdimage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.