Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
imagemin-pngquant-envbin
Advanced tools
Imagemin plugin for `pngquant` enabled environment variable for downloading pngquant binary
$ npm install imagemin-pngquant
const imagemin = require('imagemin');
const imageminPngquant = require('imagemin-pngquant');
(async () => {
await imagemin(['images/*.png'], {
destination: 'build/images',
plugins: [
imageminPngquant()
]
});
console.log('Images optimized');
})();
Returns Promise<Buffer>
.
Type: object
Type: number
Default: 4
Values: 1
(brute-force) to 11
(fastest)
Speed 10
has 5% lower quality, but is about 8 times faster than the default. Speed 11
disables dithering and lowers compression level.
Type: boolean
Default: false
Remove optional metadata.
Type: Array<min: number, max: number>
Values: Array<0...1, 0...1>
Example: [0.3, 0.5]
Instructs pngquant to use the least amount of colors required to meet or exceed the max quality. If conversion results in quality below the min quality the image won't be saved.
Min and max are numbers in range 0 (worst) to 1 (perfect), similar to JPEG.
Type: number | boolean
Default: 1
(full)
Values: 0...1
Set the dithering level using a fractional number between 0 (none) and 1 (full).
Pass in false
to disable dithering.
Type: number
Truncate number of least significant bits of color (per channel). Use this when image will be output on low-depth displays (e.g. 16-bit RGB). pngquant will make almost-opaque pixels fully opaque and will reduce amount of semi-transparent colors.
Type: boolean
Default: false
Print verbose status messages.
Type: Buffer | Stream
Buffer or stream to optimize.
FAQs
Imagemin plugin for `pngquant` enabled environment variable for downloading pngquant binary
The npm package imagemin-pngquant-envbin receives a total of 11 weekly downloads. As such, imagemin-pngquant-envbin popularity was classified as not popular.
We found that imagemin-pngquant-envbin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.