Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
generate-subtitles
Advanced tools
Takes media file input to generate .vtt subtile files with support for threads.
npm i generate-subtitles
Checkout source code at generate-subtitles repo
This package parses video and audio files, to generate .vtt formatted subtitle files. The package is fully asynchronous and adds support for threads flag to run on lower powered systems complemented by file system support.
The package is built upon
Introducing Whisper | OpenAI's open source model
Whisper.cpp | A custom cpp implementation of whisper model in C++.
whisper-node | A similar package based on OpenAi-whisper and Whisper.cpp
Note- To run the script for first time the package needs to download the model which is then saved in /node_modules/generate-subtitles/lib/whisper.cpp/models
To do that, run
npx generate-subtitles download
and select an appropriate model.
import { generate } from "generate-subtitles";
const options = {
//required- where file must be placed
inputFile: '/path/to/the/file',
//optional- when not specified, it saves at the input Dir
outputDir: '/path/to/the/dir',
//required- (enum)Valid inputs are only 'audio' and 'video'
inputType: '/type_of_input(audio/video)',
//required
whisperFlags: {
//not required- currently supports vtt only
subFormat: 'vtt',
//required- default model is base
model: 'model_name',
//not required- when using a multilingual model
//default-english
language: 'language_name',
//not required- no of threads to run the model
//default- 7
threadCount: number,
}
}
try {
const getSubtiles= await generate(options);
//resolves with true
//An output file is generat
} catch(error) {
// rejects with an error
}
When using audio input file, it requires .wav format at 16KHz frequency
In windows based system, make(Make for Windows).
@1.0.6
Fix: Language had an error, where it took input as model name. @1.0.5
Fix: removed redundant check input.
Fix: OutputDir takes a filename, and outputs to that file.
Fix: removed unecessary lower case checks.
[Openai-whisper](Introducing Whisper)
FAQs
Takes media file input to generate .vtt subtile files with support for threads.
The npm package generate-subtitles receives a total of 5 weekly downloads. As such, generate-subtitles popularity was classified as not popular.
We found that generate-subtitles demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.