image-headers
Parse image headers from a stream without loading the entire image.
This is a simple class that can be used with a stream to read all the metadata from an image file without storing the entire file in memory.
Typically, most libraries in Node take in the stream, save it somewhere (either a Buffer or to disk), then hand the image file off to an external library.
We have an image uploader service that basically proxies through the stream directly to S3 - we don't want to hit our disk at all. This was the only way we could hit that goal and still get our metadata.
npm install image-headers
See the test file for how we are using it. Here's the key snippet:
    image_headers = new ImageHeaders()
    new DataReader(file_name)
        .on "error", (error) ->
            console.log ("error: " + error)
            return callback(error)
        .on "byte", (b) ->
            # console.log ("byte: " + b)
            image_headers.add_bytes(b) unless image_headers.finished
        .on "end", () ->
            # console.log ("EOF");
            image_headers.finish (err, image_headers) ->
                return callback(err, image_headers)
        .read()
That's in CoffeeScript.
The finish call is important: it's what processes the EXIF tags (and in the future anything similar that can benefit from an external library). This keeps our code simpler than streaming and parsing EXIF on the fly. No library does this well, as far as I can find.
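To illustrate the approach the README describes (reading metadata from the first bytes of a stream instead of buffering the whole upload), here is an added JavaScript example; it is not image-headers' own code. The class and function names and the 64 KiB cap are assumptions, it covers only PNG and JPEG dimensions, and it does no EXIF processing.

```javascript
// Added example, not image-headers' own code. All names here are hypothetical.
const MAX_HEADER = 64 * 1024; // assumed cap; large EXIF blocks may need more
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

function parsePng(b) {
  // signature (8) + chunk length (4) + "IHDR" (4) + width (4) + height (4)
  if (b.length < 24 || !b.subarray(0, 8).equals(PNG_SIG)) return null;
  if (b.toString("latin1", 12, 16) !== "IHDR") return null;
  return { format: "png", width: b.readUInt32BE(16), height: b.readUInt32BE(20) };
}

function parseJpeg(b) {
  if (b.length < 4 || b[0] !== 0xff || b[1] !== 0xd8) return null;
  let pos = 2;
  // Walk segments: FF <marker> <len hi> <len lo> <payload>; len counts itself.
  while (pos + 4 <= b.length) {
    if (b[pos] !== 0xff) return null; // not at a marker: refuse to guess
    const marker = b[pos + 1];
    if (marker === 0xff) { pos += 1; continue; } // fill byte before a marker
    const len = b.readUInt16BE(pos + 2);
    if (len < 2) return null; // malformed length
    const isSof = marker >= 0xc0 && marker <= 0xcf &&
      marker !== 0xc4 && marker !== 0xc8 && marker !== 0xcc;
    if (isSof) {
      if (pos + 9 > b.length) return null; // frame header not fully received yet
      return { format: "jpeg", height: b.readUInt16BE(pos + 5), width: b.readUInt16BE(pos + 7) };
    }
    pos += 2 + len; // skip this segment without interpreting it
  }
  return null; // need more bytes
}

class HeaderSniffer {
  constructor() { this.buf = Buffer.alloc(0); this.finished = false; this.info = null; }
  // Feed each chunk as it arrives; returns true once no more bytes are needed.
  addBytes(chunk) {
    if (this.finished) return true;
    this.buf = Buffer.concat([this.buf, chunk]).subarray(0, MAX_HEADER);
    this.info = parsePng(this.buf) || parseJpeg(this.buf);
    // Stop on success, or give up at the cap so memory use stays bounded.
    this.finished = this.info !== null || this.buf.length >= MAX_HEADER;
    return this.finished;
  }
}
// Constructed sample: first 24 bytes of a 640x480 PNG, fed one byte at a time.
const samplePng = Buffer.concat([PNG_SIG, Buffer.from("0000000d4948445200000280000001e0", "hex")]);
const demo = new HeaderSniffer();
for (const byte of samplePng) demo.addBytes(Buffer.from([byte]));
console.log(demo.info);
```

The caller keeps forwarding every chunk to its destination as before; the sniffer only looks at a bounded prefix and leaves `info` as `null` when that prefix holds no recognisable dimensions.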
See the LICENSE file for details, but short version: MIT License.
We found that image-headers demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.