
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
The is-stream npm package is a simple utility used to check if an object is a Node.js stream. It can differentiate between readable, writable, duplex (both readable and writable), and transform (a type of duplex stream) streams. This package is useful when you need to validate that a given object conforms to the stream interface expected by Node.js APIs.
Check if an object is a stream
This feature allows you to check if a given object is a Node.js stream.
const isStream = require('is-stream');
isStream(process.stdin); // true
isStream({}); // false
Check if a stream is readable
This feature allows you to check if a stream is a readable stream.
const isStream = require('is-stream');
isStream.readable(process.stdin); // true
isStream.readable(process.stdout); // false
Check if a stream is writable
This feature allows you to check if a stream is a writable stream.
const isStream = require('is-stream');
isStream.writable(process.stdout); // true
isStream.writable(process.stdin); // false
Check if a stream is a duplex stream
This feature allows you to check if a stream is a duplex stream, which is both readable and writable.
const isStream = require('is-stream');
const { Duplex } = require('stream');
const duplexStream = new Duplex();
isStream.duplex(duplexStream); // true
isStream.duplex(process.stdin); // false
Check if a stream is a transform stream
This feature allows you to check if a stream is a transform stream, which is a type of duplex stream with additional functionality.
const isStream = require('is-stream');
const { Transform } = require('stream');
const transformStream = new Transform();
isStream.transform(transformStream); // true
isStream.transform(process.stdin); // false
isstream is another package that provides a similar functionality to is-stream. It checks if an object is a stream. The main difference is in the implementation and the specific checks performed. is-stream is more up-to-date and has more downloads, suggesting it is more popular and potentially more reliable.
stream-assert is a package that provides a set of assertion functions for streams, which can be used in testing. While it includes functionality to assert the type of streams, it goes beyond just checking if an object is a stream by offering a suite of assertions for stream content and behavior.
Check if something is a Node.js stream
npm install is-stream
import fs from 'node:fs';
import {isStream} from 'is-stream';
isStream(fs.createReadStream('unicorn.png'));
//=> true
isStream({});
//=> false
Returns a boolean
for whether it's a Stream
.
Returns a boolean
for whether it's a stream.Writable
, an http.OutgoingMessage
, an http.ServerResponse
or an http.ClientRequest
.
Returns a boolean
for whether it's a stream.Readable
or an http.IncomingMessage
.
Returns a boolean
for whether it's a stream.Duplex
.
Returns a boolean
for whether it's a stream.Transform
.
Type: boolean
Default: true
When this option is true
, the method returns false
if the stream has already been closed.
FAQs
Check if something is a Node.js stream
The npm package is-stream receives a total of 105,387,477 weekly downloads. As such, is-stream popularity was classified as popular.
We found that is-stream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.