Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
What is merge2?
The merge2 npm package is a utility that allows you to merge multiple streams into a single stream in a sequential or parallel manner. It is useful for tasks such as combining file streams, merging async operations, or handling multiple sources of data in a unified way.
What are merge2's main functionalities?
Merging streams sequentially
This feature allows you to merge multiple streams one after the other. In the code sample, `stream1` and `stream2` are merged into a single stream `mergedStream`, which is then piped into a file. This is useful for combining files or data sequentially.
const merge2 = require('merge2');
const stream1 = fs.createReadStream('file1.txt');
const stream2 = fs.createReadStream('file2.txt');
const mergedStream = merge2(stream1, stream2);
mergedStream.pipe(fs.createWriteStream('combined.txt'));Merging streams in parallel
This feature allows for merging streams in parallel and dynamically adding more streams. In the example, `stream1` and `stream2` are merged, and upon the end of `stream1`, `file3.txt` is added to the merge. This is useful for handling dynamic or asynchronous stream sources.
const merge2 = require('merge2');
const stream1 = fs.createReadStream('file1.txt');
const stream2 = fs.createReadStream('file2.txt');
const mergedStream = merge2([stream1, stream2], {end: false});
stream1.on('end', () => mergedStream.add(fs.createReadStream('file3.txt')));Other packages similar to merge2
multistream
Similar to merge2, multistream allows for merging multiple streams. However, it focuses more on a simple interface for sequentially merging streams, whereas merge2 provides more flexibility in how streams are merged (e.g., parallel merging, dynamic stream addition).
combined-stream
combined-stream is another package for merging multiple streams into one. It is similar to merge2 but tends to be used more for simpler use cases where the streams are known upfront and less dynamic interaction with the streams is required.
merge2
Merge multiple streams into one stream in sequence or parallel.
Install
Install with npm
npm install merge2
Usage
const gulp = require('gulp')
const merge2 = require('merge2')
const concat = require('gulp-concat')
const minifyHtml = require('gulp-minify-html')
const ngtemplate = require('gulp-ngtemplate')
gulp.task('app-js', function () {
return merge2(
gulp.src('static/src/tpl/*.html')
.pipe(minifyHtml({empty: true}))
.pipe(ngtemplate({
module: 'genTemplates',
standalone: true
})
), gulp.src([
'static/src/js/app.js',
'static/src/js/locale_zh-cn.js',
'static/src/js/router.js',
'static/src/js/tools.js',
'static/src/js/services.js',
'static/src/js/filters.js',
'static/src/js/directives.js',
'static/src/js/controllers.js'
])
)
.pipe(concat('app.js'))
.pipe(gulp.dest('static/dist/js/'))
})
const stream = merge2([stream1, stream2], stream3, {end: false})
//...
stream.add(stream4, stream5)
//..
stream.end()
// equal to merge2([stream1, stream2], stream3)
const stream = merge2()
stream.add([stream1, stream2])
stream.add(stream3)
// merge order:
// 1. merge `stream1`;
// 2. merge `stream2` and `stream3` in parallel after `stream1` merged;
// 3. merge 'stream4' after `stream2` and `stream3` merged;
const stream = merge2(stream1, [stream2, stream3], stream4)
// merge order:
// 1. merge `stream5` and `stream6` in parallel after `stream4` merged;
// 2. merge 'stream7' after `stream5` and `stream6` merged;
stream.add([stream5, stream6], stream7)
// nest merge
// equal to merge2(stream1, stream2, stream6, stream3, [stream4, stream5]);
const streamA = merge2(stream1, stream2)
const streamB = merge2(stream3, [stream4, stream5])
const stream = merge2(streamA, streamB)
streamA.add(stream6)
API
const merge2 = require('merge2')
merge2()
merge2(options)
merge2(stream1, stream2, ..., streamN)
merge2(stream1, stream2, ..., streamN, options)
merge2(stream1, [stream2, stream3, ...], streamN, options)
return a duplex stream (mergedStream). streams in array will be merged in parallel.
mergedStream.add(stream)
mergedStream.add(stream1, [stream2, stream3, ...], ...)
return the mergedStream.
mergedStream.on('queueDrain', function() {})
It will emit 'queueDrain' when all streams merged. If you set end === false in options, this event give you a notice that should add more streams to merge or end the mergedStream.
stream
option
Type: Readable or Duplex or Transform stream.
options
option
Type: Object.
-
end -
Boolean- ifend === falsethen mergedStream will not be auto ended, you should end by yourself. Default:undefined -
pipeError -
Boolean- ifpipeError === truethen mergedStream will emiterrorevent from source streams. Default:undefined -
objectMode -
Boolean. Default:true
objectMode and other options(highWaterMark, defaultEncoding ...) is same as Node.js Stream.
License
MIT © Teambition
FAQs
Merge multiple streams into one stream in sequence or parallel.
The npm package merge2 receives a total of 36,223,804 weekly downloads. As such, merge2 popularity was classified as popular.
We found that merge2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Jun 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025