minipass
Package description
The minipass npm package is a small, simple stream.PassThrough class. It is designed to be a minimal implementation of a streaming PassThrough, which is a type of Duplex stream that reads from a readable source and writes to a writable destination with minimal overhead. It is useful for cases where you want to collect stream data, transform it, or simply pass it through unmodified.
Basic Stream Collection
This feature allows you to collect data from a stream. The 'data' event is emitted whenever the stream has data available. The 'write' method is used to send data into the stream, and 'end' is used to signal that no more data will be written.
```js
const MiniPass = require('minipass')
const stream = new MiniPass()
stream.on('data', chunk => {
  console.log('Got some data:', chunk.toString())
})
stream.write('hello')
stream.end('world')
```
Piping Data
This feature demonstrates how to pipe data from a MiniPass stream to another writable stream. In this example, data is piped to a file stream, which writes the data to 'output.txt'.
```js
const MiniPass = require('minipass')
const fs = require('fs')
const stream = new MiniPass()
const writable = fs.createWriteStream('output.txt')
stream.pipe(writable)
stream.write('hello')
stream.end('world')
```
Transforming Stream Data
This feature shows how to extend MiniPass to create a custom transform stream. In this example, an Uppercase class is created that converts all incoming data to uppercase before passing it through.
```js
const MiniPass = require('minipass')
class Uppercase extends MiniPass {
  write (chunk, encoding, callback) {
    // Return the result of super.write() so callers still see the
    // backpressure signal (false means "stop writing for now").
    return super.write(chunk.toString().toUpperCase(), encoding, callback)
  }
}
const ucStream = new Uppercase()
ucStream.on('data', chunk => {
  console.log(chunk.toString())
})
ucStream.write('hello')
ucStream.end('world')
```
through2 is a tiny wrapper around Node's stream.Transform, making it easy to create transform streams. It is similar to minipass in that it provides a simple way to handle stream data, but it has a slightly different API and additional convenience methods.
stream.PassThrough is a class in the Node.js core stream module that provides a pass-through stream. It is very similar to minipass in functionality, but minipass is a userland implementation that might offer a smaller footprint and additional features not present in the core module.
pumpify combines an array of streams into a single duplex stream. It is similar to minipass in that it deals with stream data, but it focuses on combining streams rather than simply passing data through.
Readme
A very minimal implementation of a PassThrough stream
Supports pipe()ing (including multi-pipe() and backpressure transmission), buffering data until either a data event handler or pipe() is added (so you don't lose the first chunk), and most other cases where PassThrough is a good idea.
There is a read() method, but it's much more efficient to consume data from this stream via 'data' events or by calling pipe() into some other stream. Calling read() requires the buffer to be flattened in some cases, which requires copying memory. Also, read() always returns Buffers, even if an encoding option is specified.
There is also no unpipe() method. Once you start piping, there is no stopping it!
This is not a through or through2 stream. It doesn't transform the data. It also assumes that the data will be Buffers or strings. It doesn't support object mode.
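```js
const MiniPass = require('minipass')
const options = { encoding: 'utf8' } // optional: { encoding }
const mp = new MiniPass(options)
// Any writable stream works as the destination; a file is used here.
const someOtherStream = require('fs').createWriteStream('output.txt')
mp.write('foo')
mp.pipe(someOtherStream)
mp.end('bar')
```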
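The buffering described in the Readme (chunks written before any consumer exists are held, not dropped, and write() reports backpressure), shown as an added sketch that is not minipass's own source. TinyPass and demo are hypothetical names, only Node core is used, and pipe() and encodings are left out.

```javascript
// Added sketch, not minipass's source: TinyPass is a hypothetical class that
// models only the buffer-until-consumed behaviour the Readme describes.
const { EventEmitter } = require('events')

class TinyPass extends EventEmitter {
  constructor () {
    super()
    this.buffer = []      // chunks held while nobody is consuming
    this.flowing = false  // true once a 'data' handler has been attached
    this.ended = false
  }

  // Returns false while the chunk is only buffered. A producer that ignores
  // this backpressure signal keeps growing the in-memory buffer.
  write (chunk) {
    const buf = Buffer.from(chunk)
    if (this.flowing) {
      this.emit('data', buf)
      return true
    }
    this.buffer.push(buf)
    return false
  }

  end (chunk) {
    if (chunk !== undefined) this.write(chunk)
    this.ended = true
    if (this.flowing) this.emit('end')
  }

  // Attaching the first 'data' handler starts the flow and drains the
  // buffer, so chunks written earlier are delivered rather than lost.
  on (event, fn) {
    super.on(event, fn)
    if (event !== 'data' || this.flowing) return this
    this.flowing = true
    while (this.buffer.length) this.emit('data', this.buffer.shift())
    if (this.ended) this.emit('end')
    return this
  }
}

// Constructed usage: write and end first, attach the consumer afterwards.
function demo () {
  const tp = new TinyPass()
  const accepted = [tp.write('hello '), tp.write('world')] // no consumer yet
  tp.end()
  const seen = []
  tp.on('data', c => seen.push(c.toString()))
  return { accepted, seen }
}
```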
FAQs
The npm package minipass receives a total of 87,801,827 weekly downloads. As such, minipass is classified as popular.
We found that minipass demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.