Security News
Inside Lodash’s Security Reset and Maintenance Reboot
Lodash 4.17.23 marks a security reset, with maintainers rebuilding governance and infrastructure to support long-term, sustainable maintenance.
By Sarah Gooding - Jan 31, 2026
Latest Socket ResearchMalicious Chrome Extension Performs Hidden Affiliate Hijacking.Details →
git-packfile
Advanced tools
git-packfile
read object data out of git packfiles, applying ofs/ref deltas and zlib decompression.
var packfile = require('git-packfile')
, idxparse = require('git-packidx-parser')
fs.createReadStream('path/to/idx')
.pipe(idxparse())
.on('data', next)
function next(packIndex) {
var pack = packfile(
fs.statSync('path/to/packfile')
, lookup
, readStream
)
lookup(<some git hash as a buffer>, function(err, object) {
// obj === {type: git type number, data: buffer}
})
function readStream(start, end) {
return fs.createReadStream('path/to/packfile', {
start: start
, end: end
})
}
function lookup(oid, ready) {
var location = packIndex.find(oid)
pack.read(location.offset, location.next, ready)
}
}
API
packfile(size, lookupRef, createReadStream) -> Packfile instance
create a packfile instance. all arguments are required.
lookupRef should be a function that takes a buffer instance and a callback,
and calls that callback with the results of searching for that hash against all
available object databases.
createReadStream is a function that takes a byte start and end, and should
return a readable stream object.
Packfile#read(offset, nextOffset, ready)
Read from offset until nextOffset (given by the pack index), and calls ready with the result.
Returned objects look like so:
{ type: <integer git object type>
, data: <Buffer> }
The data is decompressed and has all deltas already applied to it.
License
MIT
FAQs
git packfile library for looking up and decoding git objects
The npm package git-packfile receives a total of 23 weekly downloads. As such, git-packfile popularity was classified as not popular.
We found that git-packfile demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Mar 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
n8n Tops 2025 JavaScript Rising Stars as Workflow Platforms Gain Momentum
n8n led JavaScript Rising Stars 2025 by a wide margin, with workflow platforms seeing the largest growth across categories.
By Sarah Gooding - Jan 29, 2026
Security News
Federal Government Rescinds Software Supply Chain Mandates, Makes SBOMs Optional
The U.S. government is rolling back software supply chain mandates, shifting from mandatory SBOMs and attestations to a risk-based approach.
By Sarah Gooding - Jan 28, 2026