mp4filechecker
Check details of an mp4 file, e.g. to determine if transcoding is required
npm install mp4filechecker
Checks a File or Blob to determine if it is an mp4 file matching a particular codec and dimensions.
Usage:
    import { checkMp4File } from 'mp4filechecker';

    const file = fileOrBlob; // e.g. fileInput.files[0]
    const options = {
      maxWidth: 1280,
      maxHeight: 720,
      supportedMimeTypes: ['video/mp4'],
      supportedVideoCodecs: [/^avc1\.42e0/, /^avc1\.4d40/, /^avc1\.6400/],
      supportedAudioCodecs: ['mp4a.40.2', 'mp4a.40.5'],
    };

    if (checkMp4File(file, options)) {
      // file matches the given options
    }
I was initially trying to use ffmpeg.js to transcode the video in the browser to a desired resolution and level of compression when a user selects a video to upload (e.g. using a file input). This would alleviate the need to use server-side video compression/transcoding, or a potentially costly cloud transcoding service. Unfortunately using this method was too slow for my purposes, so the next idea I had was to use the browser to just detect if the video was already in an acceptable format (i.e. compressed using a well-supported codec and not too large in its dimensions). If the video was already acceptable, then the transcoding could be skipped. Only videos which did not meet these criteria would then be transcoded, ultimately reducing the processing costs of server-side/cloud transcoding.
After trawling github/stackoverflow for ideas, looking up information about browser support for various containers/codecs on Wikipedia, and playing with this helpful tool, I decided that (at the time of writing) there are only a few viable options for delivering video via the web:
(N.B. AV1 for both containers is also gaining popularity, but not as widely supported)
The main issue with WebM is that it's not supported on iOS/Safari (and pre-Edge Internet Explorer, for those to whom that still matters). This leaves MP4 as the only truly viable one-size-fits-all uploadable format for video files.
This library therefore targets the MP4 file, using the GPAC MP4Box JS port to parse the MP4 file information, checking it against a list of sanctioned audio/video codecs, and ensuring the video's dimensions are within maximum bounds.
Given a video file passes this test, there can be some level of certainty that the video will not require transcoding for it to effectively and functionally be served on the web.
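The check described above, as an added example that is not the mp4filechecker source: it assumes the file has already been parsed into an info object of the shape shown in the comment (modelled on MP4Box.js output), and `codecAllowed`, `checkParsedInfo` and the sample objects are hypothetical names constructed here.

```javascript
// Added example; helper names are hypothetical, not the mp4filechecker source.
// A codec rule is an exact string or a RegExp, as in the options shown above.
function codecAllowed(codec, rules) {
  return rules.some((r) => (r instanceof RegExp ? r.test(codec) : r === codec));
}
// Null, undefined, NaN or non-positive dimensions fail closed.
const within = (v, max) => Number.isFinite(v) && v > 0 && v <= max;

// Assumed shape of `info` (modelled on MP4Box.js track info):
// { mime, videoTracks: [{ codec, video: { width, height } }], audioTracks: [{ codec }] }
function checkParsedInfo(info, options) {
  const reasons = [];
  // Compare the container type only, ignoring any codecs="..." parameter.
  const container = String(info.mime || '').split(';')[0].trim().toLowerCase();
  if (!options.supportedMimeTypes.includes(container)) {
    reasons.push(`container "${container}" not allowed`);
  }
  const videoTracks = info.videoTracks || [];
  if (videoTracks.length === 0) reasons.push('no video track');
  for (const track of videoTracks) {
    if (!codecAllowed(track.codec, options.supportedVideoCodecs)) {
      reasons.push(`video codec ${track.codec} not allowed`);
    }
    const { width, height } = track.video || {};
    if (!within(width, options.maxWidth) || !within(height, options.maxHeight)) {
      reasons.push(`dimensions ${width}x${height} outside limit`);
    }
  }
  for (const track of info.audioTracks || []) {
    if (!codecAllowed(track.codec, options.supportedAudioCodecs)) {
      reasons.push(`audio codec ${track.codec} not allowed`);
    }
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample data (not taken from real files).
const sampleOptions = { maxWidth: 1280, maxHeight: 720, supportedMimeTypes: ['video/mp4'],
  supportedVideoCodecs: [/^avc1\.42e0/, /^avc1\.4d40/, /^avc1\.6400/],
  supportedAudioCodecs: ['mp4a.40.2', 'mp4a.40.5'] };
const h264Sample = { mime: 'video/mp4; codecs="avc1.42e01e,mp4a.40.2"',
  videoTracks: [{ codec: 'avc1.42e01e', video: { width: 1280, height: 720 } }],
  audioTracks: [{ codec: 'mp4a.40.2' }] };
const hevcSample = { mime: 'video/mp4; codecs="hvc1.1.6.L93.B0,mp4a.40.2"',
  videoTracks: [{ codec: 'hvc1.1.6.L93.B0', video: { width: 1920, height: 1080 } }],
  audioTracks: [{ codec: 'mp4a.40.2' }] };
console.log(checkParsedInfo(h264Sample, sampleOptions));
console.log(checkParsedInfo(hevcSample, sampleOptions));
```

Returning the list of reasons rather than a bare boolean makes it clear which rule sent a file to transcoding.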
FAQs
The npm package mp4filechecker receives a total of 11,889 weekly downloads. As such, mp4filechecker's popularity was classified as popular.
We found that mp4filechecker's version release cadence and project activity are not healthy, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.