Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
The jpeg-js npm package is a pure JavaScript JPEG encoder and decoder for node.js and browsers. It allows users to decode JPEG images into a bitmap and encode bitmaps into JPEG format. This package is useful for image processing tasks where manipulation of JPEG images is required.
Decoding JPEG images
This feature allows users to decode JPEG images into a raw image data object, which includes width, height, and an image data buffer.
const jpeg = require('jpeg-js');
const jpegData = fs.readFileSync('image.jpg');
const rawImageData = jpeg.decode(jpegData);
Encoding raw image data to JPEG
This feature allows users to encode raw image data (RGBA format) into a JPEG image. The quality of the output JPEG can be specified.
const jpeg = require('jpeg-js');
const fs = require('fs');
const frameData = Buffer.alloc(width * height * 4);
// ... populate frameData with raw RGBA image data ...
const rawImageData = { data: frameData, width: width, height: height };
const jpegImageData = jpeg.encode(rawImageData, 50); // Quality is 50 out of 100
fs.writeFileSync('new-image.jpg', jpegImageData.data);
Sharp is a high-performance Node.js image processing library that converts large images in common formats to smaller, web-friendly JPEG, PNG, WebP, and AVIF images of varying dimensions. It is faster than jpeg-js as it's built on libvips which is a faster image processing library compared to JavaScript-based solutions.
Jimp is an image processing library for Node.js that provides a simpler API for common image manipulation tasks. It supports a range of image formats, including JPEG, and offers functionality similar to jpeg-js but with additional features like resizing, cropping, and filtering.
Image-js is a library for image processing and manipulation in JavaScript. It supports reading and writing JPEG images and provides a broader set of features for image analysis and manipulation compared to jpeg-js.
A pure javascript JPEG encoder and decoder for node.js
This module is installed via npm:
$ npm install jpeg-js
Will decode a buffer or typed array into a Buffer
;
var jpeg = require('jpeg-js');
var jpegData = fs.readFileSync('grumpycat.jpg');
var rawImageData = jpeg.decode(jpegData);
console.log(rawImageData);
/*
{ width: 320,
height: 180,
data: <Buffer 5b 40 29 ff 59 3e 29 ff 54 3c 26 ff 55 3a 27 ff 5a 3e 2f ff 5c 3c 31 ff 58 35 2d ff 5b 36 2f ff 55 35 32 ff 5a 3a 37 ff 54 36 32 ff 4b 32 2c ff 4b 36 ... > }
*/
To decode directly into a Uint8Array
, pass true
as the second argument to
decode
:
var jpeg = require('jpeg-js');
var jpegData = fs.readFileSync('grumpycat.jpg');
var rawImageData = jpeg.decode(jpegData, true); // return as Uint8Array
console.log(rawImageData);
/*
{ width: 320,
height: 180,
data: { '0': 91, '1': 64, ... } } // typed array
*/
var jpeg = require('jpeg-js');
var width = 320, height = 180;
var frameData = new Buffer(width * height * 4);
var i = 0;
while (i < frameData.length) {
frameData[i++] = 0xFF; // red
frameData[i++] = 0x00; // green
frameData[i++] = 0x00; // blue
frameData[i++] = 0xFF; // alpha - ignored in JPEGs
}
var rawImageData = {
data: frameData,
width: width,
height: height
};
var jpegImageData = jpeg.encode(rawImageData, 50);
console.log(jpegImageData);
/*
{ width: 320,
height: 180,
data: <Buffer 5b 40 29 ff 59 3e 29 ff 54 3c 26 ff 55 3a 27 ff 5a 3e 2f ff 5c 3c 31 ff 58 35 2d ff 5b 36 2f ff 55 35 32 ff 5a 3a 37 ff 54 36 32 ff 4b 32 2c ff 4b 36 ... > }
*/
// write to file
fs.writeFileSync("image.jpg", jpegImageData.data);
This library builds on the work of two other JPEG javascript libraries, namely jpgjs for the decoding which is licensed under the Apache 2.0 License below:
Copyright 2011 notmasteryet
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
The encoding is based off a port of the JPEG encoder in as3corelib.
The port to Javascript was done by by Andreas Ritter, www.bytestrom.eu, 11/2009.
The Adobe License for the encoder is:
Adobe
Copyright (c) 2008, Adobe Systems Incorporated All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of Adobe Systems Incorporated nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
jpeg-js is an OPEN Open Source Project. This means that:
Individuals making significant and valuable contributions are given commit-access to the project to contribute as they see fit. This project is more like an open wiki than a standard guarded open source project.
See the CONTRIBUTING.md file for more details.
jpeg-js is only possible due to the excellent work of the following contributors:
Adobe | GitHub/adobe |
---|---|
Yury Delendik | GitHub/notmasteryet |
Eugene Ware | GitHub/eugeneware |
Michael Kelly | GitHub/mrkelly |
Peter Liljenberg | GitHub/petli |
XadillaX | GitHub/XadillaX |
strandedcity | GitHub/strandedcity |
wmossman | GitHub/wmossman |
Patrick Hulce | GitHub/patrickhulce |
Ben Wiley | GitHub/benwiley4000 |
FAQs
A pure javascript JPEG encoder and decoder
We found that jpeg-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.