Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Image encoders & decoders built with WebAssembly.
Module | Encoder | Decoder |
---|---|---|
jpeg | MozJPEG | |
png | OxiPNG + imagequant | image-png |
qoi | qoi | |
webp | libwebp | |
heic | libheif + x265 | libheif + libde265 |
avif | libavif + aom | |
jxl | libjxl | |
wp2 | libwebp2 |
[!WARNING] Since libheif does not support specify thread count for x265 encoder, call
encode
of the heic module must in webworker, and it does not support Node.
Requirement: The target environment must support WebAssembly SIMD.
pnpm add icodec
Use in browser:
// All codec modules (see the table above) are named export.
import { avif, jxl } from "icodec";
const response = await fetch("https://raw.githubusercontent.com/Kaciras/icodec/master/test/snapshot/image.avif")
// This should be called once before you invoke `decode()`
await avif.loadDecoder();
// Decode AVIF to ImageData.
const image = avif.decode(await response.arrayBuffer());
// Encode the image to JPEG XL, also need to load the encoder WASM first.
await jxl.loadEncoder();
/*
* The image parameter must have properties:
* {
* width: number;
* height: number;
* data: Uint8Array | Uint8ClampedArray;
* }
*/
const encoded = jxl.encode(image, /*{ options }*/);
Each codec module exports:
loadEncoder(input?)
: Load the encoder WASM file, must be called once before encode
, it accepts an optional argument:
ArrayBuffer
or ArrayBufferView
, it will be treated as the WASM bytes.This function returns the underlying WASM module, which is not part of the public API and can be changed at any time.
encode(imageData, options?)
: Encode an image with RGBA pixels data.
loadDecoder(input?)
: Like loadEncoder
, but for decode
.
decode(uint8Array)
: Convert the image to RGBA data, the return value is an ImageData
type.
mimeType
: The MIME type string of the codec.
extension
: File extension of the format.
defaultOptions
: The default options for encode
function.
type Options
: Type definition of the encode options.
The png
module export extra members:
reduceColors(imageData, options?)
: Reduces the colors used in the image at a slight loss, returns Uint8Array
.type QuantizeOptions
: Type definition of the options in reduceColors
.To use icodec in Node, just change the import specifier to icodec/node
, and loadEncoder
/loadDecoder
will use readFileSync
instead of fetch
.
import { avif, jxl } from "icodec/node";
If your bundler requires special handing of WebAssembly, you can pass the URL of WASM files to load*
function. WASM files are exported in the format icodec/<codec>-<enc|dec>.wasm
.
import { avif, jxl } from "icodec";
// Example for Vite
import AVIFEncWASM from "icodec/avif-enc.wasm?url";
import JxlDecWASM from "icodec/jxl-dec.wasm?url";
await avif.loadDecoder(AVIFEncWASM);
await jxl.loadEncoder(JxlDecWASM);
To build WASM modules, you will need to install:
Run the build script:
node build.js
TODOs:
Rnn tests:
pnpm exec tsc
node --test test/test-*.js
Start web demo:
node start-demo.js
FAQs
Image encoders & decoders built with WebAssembly
The npm package icodec receives a total of 2 weekly downloads. As such, icodec popularity was classified as not popular.
We found that icodec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.