Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
msgpack5
A msgpack v5 implementation for node.js and the browser, with extension points
msgpack5 
A msgpack v5 implementation for node.js and the browser, with extension point support.
Install
npm install msgpack5 --save
Usage
var msgpack = require('msgpack5')() // namespace our extensions
, a = new MyType(2, 'a')
, encode = msgpack.encode
, decode = msgpack.decode
msgpack.register(0x42, MyType, mytipeEncode, mytipeDecode)
console.log(encode({ 'hello': 'world' }).toString('hex'))
// 81a568656c6c6fa5776f726c64
console.log(decode(encode({ 'hello': 'world' })))
// { hello: 'world' }
console.log(encode(a).toString('hex'))
// d5426161
console.log(decode(encode(a)) instanceof MyType)
// true
console.log(decode(encode(a)))
// { value: 'a', size: 2 }
function MyType(size, value) {
this.value = value
this.size = size
}
function mytipeEncode(obj) {
var buf = new Buffer(obj.size)
buf.fill(obj.value)
return buf
}
function mytipeDecode(data) {
var result = new MyType(data.length, data.toString('utf8', 0, 1))
, i
for (i = 0; i < data.length; i++) {
if (data.readUInt8(0) != data.readUInt8(i)) {
throw new Error('should all be the same')
}
}
return result
}
In the Browser
This library is compatible with Browserify.
If you want to use standalone, grab the file in the dist folder of
this repo, and use in your own HTML page, the module will expose a
msgpack5 global.
<script type="text/javascript"
src="./msgpack5.min.js">
</script>
To build
npm run build
API
API
msgpack()msgpack().encode()msgpack().decode()msgpack().registerEncoder()msgpack().registerDecoder()msgpack().register()msgpack().encoder()msgpack().decoder()
msgpack(options(obj))
Creates a new instance on which you can register new types for being encoded.
options:
forceFloat64, a boolean to that forces all floats to be encoded as 64-bits floats. Defaults to false.compatibilityMode, a boolean that enables "compatibility mode" which doesn't use str 8 format. Defaults to false.
encode(object)
Encodes object in msgpack, returns a bl.
decode(buf)
Decodes buf from in msgpack. buf can be a Buffer or a bl instance.
In order to support a stream interface, a user must pass in a bl instance.
registerEncoder(check(obj), encode(obj))
Register a new custom object type for being automatically encoded. The arguments are:
check, a function that will be called to check if the passed object should be encoded with theencodefunctionencode, a function that will be called to encode an object in binary form; this function must return aBufferwhich include the same type for registerDecoder.
registerDecoder(type, decode(buf))
Register a new custom object type for being automatically decoded. The arguments are:
type, is a greater than zero integer identificating the type once serializeddecode, a function that will be called to decode the object from the passedBuffer
register(type, constructor, encode(obj), decode(buf))
Register a new custom object type for being automatically encoded and decoded. The arguments are:
type, is a greater than zero integer identificating the type once serializedconstructor, the function that will be used to match the objects withinstanceofencode, a function that will be called to encode an object in binary form; this function must return aBufferthat can be deserialized by thedecodefunctiondecode, a function that will be called to decode the object from the passedBuffer
This is just a commodity that calls
registerEncoder and
registerDecoder internally.
encoder()
Builds a stream in object mode that encodes msgpack.
decoder()
Builds a stream in object mode that decodes msgpack.
LevelUp Support
msgpack5 can be used as a LevelUp
valueEncoding straight away:
var level = require('level')
, pack = msgpack()
, db = level('foo', {
valueEncoding: pack
})
, obj = { my: 'obj' }
db.put('hello', obj, function(err) {
db.get('hello', function(err, result) {
console.log(result)
db.close()
})
})
Related projects
- msgpack5rpc: An implementation of the msgpack-rpc spec on top of this library.
Disclaimer
This library is built fully on JS and on bl to simplify the code. Every improvement that keeps the same API is welcome.
Acknowledgements
This project was kindly sponsored by nearForm.
This library was originally built as the data format for JSChan.
License
MIT
Keywords
FAQs
A msgpack v5 implementation for node.js and the browser, with extension points
The npm package msgpack5 receives a total of 107,038 weekly downloads. As such, msgpack5 popularity was classified as popular.
We found that msgpack5 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Oct 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025