
Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
mpd-parser
Advanced tools
The mpd-parser npm package is used to parse MPEG-DASH (Dynamic Adaptive Streaming over HTTP) MPD (Media Presentation Description) files. It provides tools to read and interpret the structure and content of MPD files, which are XML-based manifests that describe media content and how it should be streamed.
Parsing MPD files
This feature allows you to parse an MPD XML string into a JavaScript object. The code sample demonstrates how to use the `mpd-parser` package to parse a simple MPD XML string and log the resulting JavaScript object.
const mpdParser = require('mpd-parser');
const mpdXml = '<MPD xmlns="urn:mpeg:dash:schema:mpd:2011" type="static" mediaPresentationDuration="PT0H4M40.414S" minBufferTime="PT1.500S"><Period><AdaptationSet mimeType="video/mp4" codecs="avc1.4d401e" width="640" height="360" frameRate="30" startWithSAP="1" segmentAlignment="true"><Representation id="1" bandwidth="500000"><BaseURL>video/</BaseURL><SegmentList timescale="1000" duration="2000"><SegmentURL media="segment1.m4s" /><SegmentURL media="segment2.m4s" /></SegmentList></Representation></AdaptationSet></Period></MPD>';
const parsedManifest = mpdParser.parse(mpdXml);
console.log(parsedManifest);
Generating MPD files
This feature allows you to generate an MPD XML string from a JavaScript object. The code sample demonstrates how to use the `mpd-parser` package to convert a JavaScript object representing an MPD manifest into an XML string.
const mpdParser = require('mpd-parser');
const manifestObject = {
type: 'static',
mediaPresentationDuration: 'PT0H4M40.414S',
minBufferTime: 'PT1.500S',
periods: [
{
adaptationSets: [
{
mimeType: 'video/mp4',
codecs: 'avc1.4d401e',
width: 640,
height: 360,
frameRate: 30,
startWithSAP: 1,
segmentAlignment: true,
representations: [
{
id: '1',
bandwidth: 500000,
baseURL: 'video/',
segmentList: {
timescale: 1000,
duration: 2000,
segmentURLs: [
{ media: 'segment1.m4s' },
{ media: 'segment2.m4s' }
]
}
}
]
}
]
}
]
};
const mpdXml = mpdParser.generate(manifestObject);
console.log(mpdXml);
Dash.js is a reference client implementation for the playback of MPEG-DASH via JavaScript and compliant browsers. It provides a more comprehensive solution for DASH playback, including features like adaptive bitrate streaming, DRM support, and more. Unlike mpd-parser, which focuses on parsing and generating MPD files, dash.js is designed for full playback functionality.
Shaka Player is an open-source JavaScript library for adaptive video streaming. It supports DASH and HLS and includes features like offline storage, DRM, and live streaming. Shaka Player is more feature-rich compared to mpd-parser, which is focused solely on MPD parsing and generation.
mpd parser
npm install --save mpd-parser
// get your manifest in whatever way works best
// for example, by reading the file from the filesystem in node
// or using fetch in a browser like so:
const manifestUri = 'https://example.com/dash.xml';
const res = await fetch(manifestUri);
const manifest = await res.text();
// A callback function to handle events like errors or warnings
const eventHandler = ({ type, message }) => console.log(`${type}: ${message}`);
var parsedManifest = mpdParser.parse(manifest, { manifestUri, eventHandler });
If dealing with a live stream, then on subsequent calls to parse, the previously parsed
manifest object should be provided as an option to parse
using the previousManifest
option:
const newParsedManifest = mpdParser.parse(
manifest,
// parsedManifest comes from the prior example
{ manifestUri, previousManifest: parsedManifest }
);
The parser ouputs a plain javascript object with the following structure:
Manifest {
allowCache: boolean,
contentSteering: {
defaultServiceLocation: string,
proxyServerURL: string,
queryBeforeStart: boolean,
serverURL: string
},
endList: boolean,
mediaSequence: number,
discontinuitySequence: number,
playlistType: string,
playlists: [
{
attributes: {},
Manifest
}
],
mediaGroups: {
AUDIO: {
'GROUP-ID': {
default: boolean,
autoselect: boolean,
language: string,
uri: string,
instreamId: string,
characteristics: string,
forced: boolean
}
},
VIDEO: {},
'CLOSED-CAPTIONS': {},
SUBTITLES: {}
},
dateTimeString: string,
dateTimeObject: Date,
targetDuration: number,
totalDuration: number,
discontinuityStarts: [number],
segments: [
{
byterange: {
length: number,
offset: number
},
duration: number,
attributes: {},
discontinuity: number,
uri: string,
timeline: number,
key: {
method: string,
uri: string,
iv: string
},
map: {
uri: string,
byterange: {
length: number,
offset: number
}
},
'cue-out': string,
'cue-out-cont': string,
'cue-in': string
}
]
}
To include mpd-parser on your website or web application, use any of the following methods.
<script>
TagThis is the simplest case. Get the script in whatever way you prefer and include it on your page.
<script src="//path/to/mpd-parser.min.js"></script>
<script>
var mpdParser = window['mpd-parser'];
var parsedManifest = mpdParser.parse(manifest, { manifestUri });
</script>
When using with Browserify, install mpd-parser via npm and require
the parser as you would any other module.
var mpdParser = require('mpd-parser');
var parsedManifest = mpdParser.parse(manifest, { manifestUri });
With ES6:
import { parse } from 'mpd-parser';
const parsedManifest = parse(manifest, { manifestUri });
When using with RequireJS (or another AMD library), get the script in whatever way you prefer and require
the parser as you normally would:
require(['mpd-parser'], function(mpdParser) {
var parsedManifest = mpdParser.parse(manifest, { manifestUri });
});
Apache-2.0. Copyright (c) Brightcove, Inc
FAQs
mpd parser
The npm package mpd-parser receives a total of 464,896 weekly downloads. As such, mpd-parser popularity was classified as popular.
We found that mpd-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 21 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
Security News
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
Product
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.