The jpeg-js npm package is a pure JavaScript JPEG encoder and decoder for node.js and browsers. It allows users to decode JPEG images into a bitmap and encode bitmaps into JPEG format. This package is useful for image processing tasks where manipulation of JPEG images is required.
Decoding JPEG images
This feature allows users to decode JPEG images into a raw image data object, which includes width, height, and an image data buffer.
const fs = require('fs');
const jpeg = require('jpeg-js');
const jpegData = fs.readFileSync('image.jpg');
const rawImageData = jpeg.decode(jpegData);
Encoding raw image data to JPEG
This feature allows users to encode raw image data (RGBA format) into a JPEG image. The quality of the output JPEG can be specified.
const jpeg = require('jpeg-js');
const fs = require('fs');
const width = 320, height = 180; // example dimensions
const frameData = Buffer.alloc(width * height * 4);
// ... populate frameData with raw RGBA image data ...
const rawImageData = { data: frameData, width: width, height: height };
const jpegImageData = jpeg.encode(rawImageData, 50); // Quality is 50 out of 100
fs.writeFileSync('new-image.jpg', jpegImageData.data);
Sharp is a high-performance Node.js image processing library that converts large images in common formats to smaller, web-friendly JPEG, PNG, WebP, and AVIF images of varying dimensions. It is faster than jpeg-js because it is built on libvips, an image processing library that is faster than JavaScript-based solutions.
Jimp is an image processing library for Node.js that provides a simpler API for common image manipulation tasks. It supports a range of image formats, including JPEG, and offers functionality similar to jpeg-js but with additional features like resizing, cropping, and filtering.
Image-js is a library for image processing and manipulation in JavaScript. It supports reading and writing JPEG images and provides a broader set of features for image analysis and manipulation compared to jpeg-js.
A pure javascript JPEG encoder and decoder for node.js
NOTE: this is a synchronous (i.e. CPU-blocking) library that is much slower than native alternatives. If you don't need a pure javascript implementation, consider using async alternatives like sharp in node or the Canvas API in the browser.
This module is installed via npm:
$ npm install jpeg-js
Will decode a buffer or typed array into a Buffer:
var fs = require('fs');
var jpeg = require('jpeg-js');
var jpegData = fs.readFileSync('grumpycat.jpg');
var rawImageData = jpeg.decode(jpegData);
console.log(rawImageData);
/*
{ width: 320,
height: 180,
data: <Buffer 5b 40 29 ff 59 3e 29 ff 54 3c 26 ff 55 3a 27 ff 5a 3e 2f ff 5c 3c 31 ff 58 35 2d ff 5b 36 2f ff 55 35 32 ff 5a 3a 37 ff 54 36 32 ff 4b 32 2c ff 4b 36 ... > }
*/
To decode directly into a Uint8Array, pass useTArray: true in the decode options:
var fs = require('fs');
var jpeg = require('jpeg-js');
var jpegData = fs.readFileSync('grumpycat.jpg');
var rawImageData = jpeg.decode(jpegData, {useTArray: true}); // return as Uint8Array
console.log(rawImageData);
/*
{ width: 320,
height: 180,
data: { '0': 91, '1': 64, ... } } // typed array
*/
Option | Description | Default |
---|---|---|
colorTransform | Transform alternate colorspaces like YCbCr. undefined means respect the default behavior encoded in metadata. | undefined |
useTArray | Decode pixels into a typed Uint8Array instead of a Buffer. | false |
formatAsRGBA | Decode pixels into RGBA vs. RGB. | true |
tolerantDecoding | Be more tolerant when encountering technically invalid JPEGs. | true |
maxResolutionInMP | The maximum resolution image that jpeg-js should attempt to decode in megapixels. Images larger than this resolution will throw an error instead of decoding. | 100 |
maxMemoryUsageInMB | The (approximate) maximum memory that jpeg-js should allocate while attempting to decode the image, in mebibytes. Images requiring more memory than this will throw an error instead of decoding. | 512 |
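The maxResolutionInMP and maxMemoryUsageInMB limits above matter most when the JPEG comes from an untrusted source, because the dimensions a file declares in its header determine how much the decoder will try to allocate. The following is an added example, not code from jpeg-js: a pre-flight check that reads the declared size from the SOF header and rejects oversized input before decode is called. The names declaredSize, checkDecodeBudget and sampleHeader are hypothetical, and the memory estimate counts only the RGBA output buffer, which is an assumption and not jpeg-js's own accounting.

```javascript
// Added example: pre-flight size check for untrusted JPEG input.
// declaredSize, checkDecodeBudget and sampleHeader are hypothetical names.
const u16 = (b, i) => (b[i] << 8) | b[i + 1];
const STANDALONE = new Set([0x01, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7]);

// Walk the marker segments and return the size declared in the first SOFn header.
function declaredSize(buf) {
  if (buf.length < 4 || buf[0] !== 0xff || buf[1] !== 0xd8) throw new Error('not a JPEG (missing SOI)');
  let pos = 2;
  while (pos + 4 <= buf.length) {
    if (buf[pos] !== 0xff) throw new Error('marker expected at offset ' + pos);
    const marker = buf[pos + 1];
    if (marker === 0xff) { pos += 1; continue; }         // fill byte before a marker
    if (STANDALONE.has(marker)) { pos += 2; continue; }  // TEM / RSTn carry no length
    if (marker === 0xd9 || marker === 0xda) break;       // EOI or SOS before any SOF
    const len = u16(buf, pos + 2);
    if (len < 2 || pos + 2 + len > buf.length) throw new Error('truncated segment');
    const isSOF = marker >= 0xc0 && marker <= 0xcf &&
      marker !== 0xc4 && marker !== 0xc8 && marker !== 0xcc; // skip DHT, JPG, DAC
    if (isSOF) {
      if (len < 8) throw new Error('short SOF segment');
      return { height: u16(buf, pos + 5), width: u16(buf, pos + 7) };
    }
    pos += 2 + len;
  }
  throw new Error('no SOF segment found');
}

// Defaults mirror the documented decode options (100 MP, 512 MiB).
function checkDecodeBudget(buf, { maxResolutionInMP = 100, maxMemoryUsageInMB = 512 } = {}) {
  let size;
  try { size = declaredSize(buf); } catch (e) { return { ok: false, reason: e.message }; }
  const pixels = size.width * size.height;
  const megapixels = pixels / 1e6;
  // Assumption: only the RGBA output buffer (4 bytes per pixel) is counted here.
  const outputMiB = (pixels * 4) / (1024 * 1024);
  if (pixels === 0) return { ok: false, reason: 'zero dimension' };
  if (megapixels > maxResolutionInMP) return { ok: false, reason: 'resolution over limit' };
  if (outputMiB > maxMemoryUsageInMB) return { ok: false, reason: 'output buffer over limit' };
  return { ok: true, ...size, megapixels, outputMiB };
}

// Constructed sample input: SOI + APP0 + SOF0 only, no scan data.
function sampleHeader(width, height) {
  const app0 = [0xff, 0xe0, 0, 16, 0x4a, 0x46, 0x49, 0x46, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0];
  const sof0 = [0xff, 0xc0, 0, 17, 8, height >> 8, height & 0xff, width >> 8, width & 0xff,
    3, 1, 0x22, 0, 2, 0x11, 1, 3, 0x11, 1];
  return Buffer.from([0xff, 0xd8, ...app0, ...sof0]);
}
```

When the check passes, pass the same limits to jpeg.decode as maxResolutionInMP and maxMemoryUsageInMB and keep the call in a try/catch, since the decoder enforces its own limits by throwing.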
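var fs = require('fs');
var jpeg = require('jpeg-js');
var width = 320,
height = 180;
// Buffer.alloc returns zero-filled memory; new Buffer(size) is deprecated
var frameData = Buffer.alloc(width * height * 4);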
var i = 0;
while (i < frameData.length) {
frameData[i++] = 0xff; // red
frameData[i++] = 0x00; // green
frameData[i++] = 0x00; // blue
frameData[i++] = 0xff; // alpha - ignored in JPEGs
}
var rawImageData = {
data: frameData,
width: width,
height: height,
};
var jpegImageData = jpeg.encode(rawImageData, 50);
console.log(jpegImageData);
/*
{ width: 320,
height: 180,
data: <Buffer 5b 40 29 ff 59 3e 29 ff 54 3c 26 ff 55 3a 27 ff 5a 3e 2f ff 5c 3c 31 ff 58 35 2d ff 5b 36 2f ff 55 35 32 ff 5a 3a 37 ff 54 36 32 ff 4b 32 2c ff 4b 36 ... > }
*/
// write to file
fs.writeFileSync('image.jpg', jpegImageData.data);
This library builds on the work of two other JPEG javascript libraries, namely jpgjs for the decoding which is licensed under the Apache 2.0 License below:
Copyright 2011 notmasteryet
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
The encoding is based off a port of the JPEG encoder in as3corelib.
The port to Javascript was done by Andreas Ritter, www.bytestrom.eu, 11/2009.
The Adobe License for the encoder is:
Adobe
Copyright (c) 2008, Adobe Systems Incorporated All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of Adobe Systems Incorporated nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
jpeg-js is an OPEN Open Source Project. This means that:
Individuals making significant and valuable contributions are given commit-access to the project to contribute as they see fit. This project is more like an open wiki than a standard guarded open source project.
See the CONTRIBUTING.md file for more details.
jpeg-js is only possible due to the excellent work of the following contributors:
Adobe | GitHub/adobe |
---|---|
Yury Delendik | GitHub/notmasteryet |
Eugene Ware | GitHub/eugeneware |
Michael Kelly | GitHub/mrkelly |
Peter Liljenberg | GitHub/petli |
XadillaX | GitHub/XadillaX |
strandedcity | GitHub/strandedcity |
wmossman | GitHub/wmossman |
Patrick Hulce | GitHub/patrickhulce |
Ben Wiley | GitHub/benwiley4000 |
FAQs
A pure javascript JPEG encoder and decoder
We found that jpeg-js demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.