Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The jszip npm package is a library for creating, reading, and editing .zip files with JavaScript. It allows for the manipulation of zip files directly in the browser or in a Node.js environment. With jszip, users can generate new zip files, add files and folders to them, extract their contents, and more.
Creating a new zip file
This code creates a new zip file with a single file 'Hello.txt' containing the text 'Hello World' and saves it as 'example.zip'.
const JSZip = require('jszip');
const zip = new JSZip();
zip.file('Hello.txt', 'Hello World');
zip.generateAsync({type: 'nodebuffer'}).then(function(content) {
  require('fs').writeFileSync('example.zip', content);
});
Adding a folder and files
This code adds a folder named 'images' to the zip file and then adds a file 'smile.gif' with base64 encoded image data to this folder.
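const JSZip = require('jszip');
const zip = new JSZip();
// Sample base64 image data (a 1x1 GIF) so the snippet runs on its own.
const imgData = 'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==';
const imgFolder = zip.folder('images');
imgFolder.file('smile.gif', imgData, {base64: true});
zip.generateAsync({type: 'nodebuffer'}).then(function(content) {
  require('fs').writeFileSync('example.zip', content);
});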
Reading a zip file
This code reads an existing zip file 'example.zip' and logs the names of all files contained within it.
const JSZip = require('jszip');
const fs = require('fs');
const zip = new JSZip();
fs.readFile('example.zip', function(err, data) {
  if (err) throw err;
  zip.loadAsync(data).then(function(contents) {
    Object.keys(contents.files).forEach(function(filename) {
      console.log(filename);
    });
  });
});
Extracting a file from a zip
This code extracts the content of the file 'Hello.txt' from the zip file 'example.zip' and logs it to the console.
const JSZip = require('jszip');
const fs = require('fs');
const zip = new JSZip();
fs.readFile('example.zip', function(err, data) {
  if (err) throw err;
  zip.loadAsync(data).then(function() {
    zip.file('Hello.txt').async('string').then(function(content) {
      console.log(content);
    });
  });
});
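When the archive comes from an untrusted source, the entry names returned by the listing above are attacker-controlled, so they should be checked before any extracted content is written to disk. The following is an added example, not code from the jszip project or this page; `resolveEntry`, `planExtraction`, the `out` directory and the sample names are hypothetical and constructed for illustration.

```javascript
const path = require('path');

// Resolve one archive entry name against destDir, or return null if the
// name would land outside destDir once written to disk.
function resolveEntry(destDir, entryName) {
  if (typeof entryName !== 'string' || entryName === '' || entryName.includes('\0')) {
    return null;
  }
  // Zip entries use '/' separators; treat '\' the same so Windows-style
  // names cannot slip past the checks below.
  const normalized = entryName.replace(/\\/g, '/');
  if (normalized.startsWith('/') || /^[A-Za-z]:/.test(normalized)) {
    return null; // absolute path or drive letter
  }
  if (normalized.split('/').includes('..')) {
    return null; // parent-directory segment
  }
  const root = path.resolve(destDir);
  const target = path.resolve(root, normalized);
  // Final containment check on the fully resolved path.
  const rel = path.relative(root, target);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return target;
}

// Split a list of entry names into those safe to write and those rejected.
function planExtraction(destDir, entryNames) {
  const plan = { write: [], rejected: [] };
  for (const name of entryNames) {
    const target = resolveEntry(destDir, name);
    if (target === null) plan.rejected.push(name);
    else plan.write.push({ name, target });
  }
  return plan;
}

// Constructed sample names, standing in for Object.keys(contents.files).
const sampleNames = ['Hello.txt', 'images/', 'images/smile.gif',
  '../../etc/cron.d/job', '/abs.txt', 'a\\..\\..\\b.txt'];
const plan = planExtraction('out', sampleNames);
console.log(plan.write.map((e) => e.name), plan.rejected);
```

Rejected names are worth logging rather than silently skipping, since a traversal-style entry name in an archive is a useful signal that the file was crafted.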
Archiver is a streaming interface for archive generation, supporting ZIP and TAR formats. It provides a higher level of abstraction and is suitable for creating archives on the fly. Compared to jszip, Archiver is more stream-oriented, which can be more efficient for large files.
ADM-ZIP is a pure JavaScript implementation for zip data compression for NodeJS. It provides functionalities to read and write zip files, similar to jszip. However, it does not have as many features for manipulating zip files and lacks some of the more advanced options available in jszip.
Pako is a high-speed zlib port to JavaScript, which works in the browser and Node.js. It focuses on performance and supports compression and decompression (inflate/deflate), but it does not provide the zip file structure manipulation that jszip offers.
Yazl is a minimalistic zip library for Node.js. It focuses on creating zip files and offers a simple API. Unlike jszip, yazl does not support reading or modifying existing zip files, which makes it less versatile.
A library for creating, reading and editing .zip files with JavaScript, with a lovely and simple API.
See https://stuk.github.io/jszip for all the documentation.
const zip = new JSZip();
zip.file("Hello.txt", "Hello World\n");
const img = zip.folder("images");
img.file("smile.gif", imgData, {base64: true});
zip.generateAsync({type:"blob"}).then(function(content) {
    // see FileSaver.js
    saveAs(content, "example.zip");
});
/*
Results in a zip containing
Hello.txt
images/
    smile.gif
*/
JSZip is dual-licensed. You may use it under the MIT license or the GPLv3 license. See LICENSE.markdown.
v3.10.1 2022-08-02
const instead var in example from README.markdown #828
Internals:
FAQs
Create, read and edit .zip files with JavaScript http://stuartk.com/jszip
The npm package jszip receives a total of 8,551,224 weekly downloads. As such, jszip's popularity was classified as popular.
We found that jszip demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.