Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
The jszip npm package is a library for creating, reading, and editing .zip files with JavaScript. It allows for the manipulation of zip files directly in the browser or in a Node.js environment. With jszip, users can generate new zip files, add files and folders to them, extract their contents, and more.
Creating a new zip file
This code creates a new zip file with a single file 'Hello.txt' containing the text 'Hello World' and saves it as 'example.zip'.
const JSZip = require('jszip');
const zip = new JSZip();
zip.file('Hello.txt', 'Hello World');
zip.generateAsync({type: 'nodebuffer'}).then(function(content) {
require('fs').writeFileSync('example.zip', content);
});
Adding a folder and files
This code adds a folder named 'images' to the zip file and then adds a file 'smile.gif' with base64 encoded image data to this folder.
const JSZip = require('jszip');
const zip = new JSZip();
const imgFolder = zip.folder('images');
imgFolder.file('smile.gif', imgData, {base64: true});
zip.generateAsync({type: 'nodebuffer'}).then(function(content) {
require('fs').writeFileSync('example.zip', content);
});
Reading a zip file
This code reads an existing zip file 'example.zip' and logs the names of all files contained within it.
const JSZip = require('jszip');
const fs = require('fs');
const zip = new JSZip();
fs.readFile('example.zip', function(err, data) {
if (err) throw err;
zip.loadAsync(data).then(function(contents) {
Object.keys(contents.files).forEach(function(filename) {
console.log(filename);
});
});
});
Extracting a file from a zip
This code extracts the content of the file 'Hello.txt' from the zip file 'example.zip' and logs it to the console.
const JSZip = require('jszip');
const fs = require('fs');
const zip = new JSZip();
fs.readFile('example.zip', function(err, data) {
if (err) throw err;
zip.loadAsync(data).then(function() {
zip.file('Hello.txt').async('string').then(function(content) {
console.log(content);
});
});
});
Archiver is a streaming interface for archive generation, supporting ZIP and TAR formats. It provides a higher level of abstraction and is suitable for creating archives on the fly. Compared to jszip, Archiver is more stream-oriented, which can be more efficient for large files.
ADM-ZIP is a pure JavaScript implementation for zip data compression for NodeJS. It provides functionalities to read and write zip files, similar to jszip. However, it does not have as many features for manipulating zip files and lacks some of the more advanced options available in jszip.
Pako is a high-speed zlib port to JavaScript, which works in the browser and Node.js. It focuses on performance and supports compression and decompression (inflate/deflate), but it does not provide the zip file structure manipulation that jszip offers.
Yazl is a minimalistic zip library for Node.js. It focuses on creating zip files and offers a simple API. Unlike jszip, yazl does not support reading or modifying existing zip files, which makes it less versatile.
A library for creating, reading and editing .zip files with Javascript, with a lovely and simple API.
See http://stuartk.com/jszip for all the documentation.
var zip = new JSZip();
zip.file("Hello.txt", "Hello World\n");
var img = zip.folder("images");
img.file("smile.gif", imgData, {base64: true});
var content = zip.generate({type:"blob"});
// see FileSaver.js
saveAs(content, "example.zip");
/*
Results in a zip containing
Hello.txt
images/
smile.gif
*/
JSZip is dual-licensed. You may use it under the MIT license or the GPLv3 license. See LICENSE.markdown.
FAQs
Create, read and edit .zip files with JavaScript http://stuartk.com/jszip
The npm package jszip receives a total of 7,293,911 weekly downloads. As such, jszip popularity was classified as popular.
We found that jszip demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.