gulp-brotli
A gulp plugin for file compression using the brotli compression included in node.js's zlib native module, without any native or WASM extraneous libraries.
gulp-brotli is available as an npm package; you can use npm to install it:

    npm install --save-dev gulp-brotli

Since gulp-brotli uses the native brotli support in node.js, all the native API's options are directly exposed to keep things simple and flexible. The only extra options are:

extension - specifies the file name extension to add to the file names of all compressed files (without the leading dot (.)). The extension option is optional and defaults to br.

skipLarger - when true, any compressed files that would end up being larger than their uncompressed versions will be omitted from the output. The skipLarger option is optional and defaults to false. The option is ignored for streams.

    import gulpBrotli from 'gulp-brotli'
    import gulp from 'gulp'
    import zlib from 'zlib'

    export function compressBrotli() {
      return gulp
        .src(`path/to/files/to/compress`)
        .pipe(gulpBrotli({
          // the options are documented at https://nodejs.org/docs/latest-v10.x/api/zlib.html#zlib_class_brotlioptions
          params: {
            // brotli parameters are documented at https://nodejs.org/docs/latest-v10.x/api/zlib.html#zlib_brotli_constants
            [zlib.constants.BROTLI_PARAM_QUALITY]: zlib.constants.BROTLI_MAX_QUALITY,
          },
        }))
        .pipe(gulp.dest(`destination/path/which/is/usually/the/source/path`))
    }

Here's an example showing the extension and skipLarger options, as well as the compress alias:

    import gulpBrotli from 'gulp-brotli'
    import gulp from 'gulp'
    import zlib from 'zlib'

    export function compressBrotli() {
      return gulp
        .src(`path/to/files/to/compress`)
        .pipe(gulpBrotli.compress({
          extension: 'brotli',
          skipLarger: true,
          // the options are documented at https://nodejs.org/docs/latest-v10.x/api/zlib.html#zlib_class_brotlioptions
          params: {
            // brotli parameters are documented at https://nodejs.org/docs/latest-v10.x/api/zlib.html#zlib_brotli_constants
            [zlib.constants.BROTLI_PARAM_QUALITY]: zlib.constants.BROTLI_MAX_QUALITY,
          },
        }))
        .pipe(gulp.dest(`destination/path/which/is/usually/the/source/path`))
    }

You may use the default configuration by omitting the options object altogether. The following example shows streaming the files instead of buffering them (the skipLarger option would be ignored in this case):

    import gulpBrotli from 'gulp-brotli'
    import gulp from 'gulp'
    import zlib from 'zlib'

    export function compressBrotli() {
      return gulp
        .src(`path/to/files/to/compress`, {buffer: false})
        .pipe(gulpBrotli.compress()) // Or you may use .pipe(gulpBrotli()) instead
        .pipe(gulp.dest(`destination/path/which/is/usually/the/source/path`))
    }

Decompressing files like this will also remove the .br file name extension from the resulting files (unless another extension is specified using the extension option):

    import gulpBrotli from 'gulp-brotli'
    import gulp from 'gulp'
    import zlib from 'zlib'

    export function decompressBrotli() {
      return gulp
        .src(`path/to/files/to/compress`)
        .pipe(gulpBrotli.decompress({
          // the options are documented at https://nodejs.org/docs/latest-v10.x/api/zlib.html#zlib_class_brotlioptions
          params: {
            // brotli parameters are documented at https://nodejs.org/docs/latest-v10.x/api/zlib.html#zlib_brotli_constants
          },
        }))
        .pipe(gulp.dest(`destination/path/which/is/usually/the/source/path`))
    }

The options object is optional here as well if you want to use the default configuration.
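
The documented buffer-mode behaviour of the extension and skipLarger options, and of decompression stripping the extension, can be reproduced with node.js's zlib alone. This is an added illustration, not gulp-brotli's own code; the function names (sampleFiles, compressFiles, decompressFiles) and the plain file objects are assumptions made for the example.

```javascript
// Added illustration, not gulp-brotli's source code.
const zlib = require('zlib')

// Constructed sample input: plain objects standing in for the files gulp passes to a plugin.
function sampleFiles() {
  return [
    { path: 'site.css', contents: Buffer.from('body { margin: 0 }\n'.repeat(200)) },
    { path: 'tiny.txt', contents: Buffer.from('x') }, // 1 byte: brotli output is larger
  ]
}

// Buffer mode: compress each file, append the extension, optionally skip larger outputs.
function compressFiles(files, { extension = 'br', skipLarger = false, params = {} } = {}) {
  const out = []
  for (const file of files) {
    const compressed = zlib.brotliCompressSync(file.contents, { params })
    if (skipLarger && compressed.length > file.contents.length) continue
    out.push({ path: `${file.path}.${extension}`, contents: compressed })
  }
  return out
}

// Decompress and strip the configured extension from the file name.
function decompressFiles(files, { extension = 'br', params = {} } = {}) {
  const suffix = `.${extension}`
  return files.map((file) => ({
    path: file.path.endsWith(suffix) ? file.path.slice(0, -suffix.length) : file.path,
    contents: zlib.brotliDecompressSync(file.contents, { params }),
  }))
}

const kept = compressFiles(sampleFiles(), { extension: 'brotli', skipLarger: true })
console.log(kept.map((f) => `${f.path} (${f.contents.length} bytes)`))
```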
FAQs
We found that gulp-brotli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.