Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
mute-stream
Advanced tools
The mute-stream package is a Node.js module that allows you to mute and unmute writable streams, such as process.stdout or any other stream. This can be particularly useful for hiding user input during password prompts or suppressing output for clean logging.
Muting and unmuting a stream
This feature allows you to mute the output of a stream so that data written to it does not appear on the terminal or the piped destination. You can then unmute the stream to resume normal output.
const MuteStream = require('mute-stream');
const ms = new MuteStream();
ms.pipe(process.stdout);
ms.write('This will be displayed.');
ms.mute();
ms.write('This will not be displayed.');
ms.unmute();
ms.write('This will be displayed again.');
Muting and unmuting with a boolean
This feature provides an alternative way to mute and unmute the stream by passing a boolean value to the mute method.
const MuteStream = require('mute-stream');
const ms = new MuteStream();
ms.pipe(process.stdout);
ms.mute(true);
ms.write('This will not be displayed.');
ms.mute(false);
ms.write('This will be displayed.');
Setting up a prompt with muted input
This feature is useful for creating command-line prompts where you want to hide the user's input, such as password fields.
const MuteStream = require('mute-stream');
const readline = require('readline');
const ms = new MuteStream();
ms.pipe(process.stdout);
const rl = readline.createInterface({
input: process.stdin,
output: ms
});
rl.question('Enter your password: ', (password) => {
ms.mute();
console.log(`Your password is: ${password}`);
rl.close();
});
The readline-sync package provides synchronous Readline for interactively running to have a conversation with the user via a console(TTY). It can also hide user input on the console, similar to what mute-stream does, but it is designed for synchronous operations and does not require streams to work.
This package is an npm registry client that suppresses output unless there is an error. It is similar to mute-stream in that it controls the visibility of output, but it is specifically tailored for interactions with the npm registry.
Bytes go in, but they don't come out (when muted).
This is a basic pass-through stream, but when muted, the bytes are silently dropped, rather than being passed through.
const MuteStream = require('mute-stream')
const ms = new MuteStream(options)
ms.pipe(process.stdout)
ms.write('foo') // writes 'foo' to stdout
ms.mute()
ms.write('bar') // does not write 'bar'
ms.unmute()
ms.write('baz') // writes 'baz' to stdout
// can also be used to mute incoming data
const ms = new MuteStream()
input.pipe(ms)
ms.on('data', function (c) {
console.log('data: ' + c)
})
input.emit('data', 'foo') // logs 'foo'
ms.mute()
input.emit('data', 'bar') // does not log 'bar'
ms.unmute()
input.emit('data', 'baz') // logs 'baz'
All options are optional.
replace
Set to a string to replace each character with the
specified string when muted. (So you can show ****
instead of the
password, for example.)
prompt
If you are using a replacement char, and also using a
prompt with a readline stream (as for a Password: *****
input),
then specify what the prompt is so that backspace will work
properly. Otherwise, pressing backspace will overwrite the prompt
with the replacement character, which is weird.
Set muted
to true
. Turns .write()
into a no-op.
Set muted
to false
True if the pipe destination is a TTY, or if the incoming pipe source is a TTY.
The other standard readable and writable stream methods are all available. The MuteStream object acts as a facade to its pipe source and destination.
2.0.0 (2024-09-24)
mute-stream
now supports node ^18.17.0 || >=20.5.0
8550977
#85 enable auto publish (#85) (@reggi)7290739
#83 run template-oss-apply (@hashtagchris)f7c34f1
#81 Bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])4a0a0e1
#82 Bump @npmcli/template-oss from 4.23.1 to 4.23.3 (@dependabot[bot])5c71213
#79 Bump @npmcli/template-oss from 4.22.0 to 4.23.1 (@dependabot[bot])28ed532
#70 bump @npmcli/template-oss to 4.22.0 (@lukekarrys)bfce761
#69 Bump @npmcli/template-oss from 4.21.3 to 4.21.4 (@dependabot[bot])563f5a9
#65 Bump @npmcli/template-oss from 4.21.1 to 4.21.3 (@dependabot[bot])e8378c7
#62 Bump @npmcli/template-oss from 4.19.0 to 4.21.1 (@dependabot[bot])fb2cc45
#43 Bump @npmcli/template-oss from 4.18.1 to 4.19.0 (@dependabot[bot])bfdb357
#42 Bump @npmcli/template-oss from 4.18.0 to 4.18.1 (@dependabot[bot])9d8a006
#41 Bump @npmcli/template-oss from 4.17.0 to 4.18.0 (@dependabot[bot])7262cbb
#40 Bump @npmcli/template-oss from 4.15.1 to 4.17.0 (@dependabot[bot])e937e09
#39 Bump @npmcli/template-oss from 4.14.1 to 4.15.1 (@dependabot[bot])680314a
#38 Bump @npmcli/template-oss from 4.13.0 to 4.14.1 (#38) (@dependabot[bot], @npm-cli-bot)af0ab95
#36 Bump @npmcli/template-oss from 4.12.1 to 4.13.0 (#36) (@dependabot[bot], @npm-cli-bot, @nlf)c409b8b
#37 minor readme update (#37) (@nlf)11453d7
#35 Bump @npmcli/template-oss from 4.12.0 to 4.12.1 (#35) (@dependabot[bot], @npm-cli-bot)28e1f16
#34 Bump @npmcli/template-oss from 4.11.4 to 4.12.0 (@dependabot[bot])fcd2267
#33 Bump @npmcli/template-oss from 4.11.3 to 4.11.4 (@dependabot[bot])6e43e36
#32 Bump @npmcli/template-oss from 4.11.0 to 4.11.3 (@dependabot[bot])1bc3d48
#82 postinstall for dependabot template-oss PR (@hashtagchris)FAQs
Bytes go in, but they don't come out (when muted).
The npm package mute-stream receives a total of 33,100,419 weekly downloads. As such, mute-stream popularity was classified as popular.
We found that mute-stream demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.