Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
node-stream
Advanced tools
#node-stream
A small collection of stream consumers.
Install
The source is available for download from GitHub. Alternatively, you can install using npm:
npm install --save node-stream
You can then require() node-stream as normal:
const nodeStream = require('node-stream');
Documentation
first(stream, onEnd)
Consume the first item in a stream and call a callback with a buffer of that item.
nodeStream.first(
stream,
function(err, data) {
// err is null or an Error object
// data is a Buffer object
}
);
first.obj(stream, onEnd)
Consume the first item in a stream and call a callback with that item.
nodeStream.first.obj(
stream,
function(err, data) {
// err is null or an Error object
// data is an array
}
);
first.json(stream, onEnd)
Consume the first item in a stream and call a callback with a JSON parsed object. Stream will error if the consumed data is not parseable.
nodeStream.first.json(
stream,
function(err, data) {
// err is null or an Error object
// data is a JSON parsed object
}
);
forEach(stream, onData, onEnd)
Iterate through each data tick in a stream and call a callback with that data as a Buffer.
nodeStream.forEach(
stream,
function(chunk) {
// chunk is a Buffer object
},
function(err) {
// err is null or an Error object
}
);
forEach.obj(stream, onData, onEnd)
Iterate through each data tick in a stream and call a callback with that data. Similar to forEach, except it does not transform the data in any way. This is best used on object streams.
nodeStream.forEach.obj(
stream,
function(chunk) {
// chunk can be of any type
},
function(err) {
// err is null or an Error object
}
);
forEach.json(stream, onData, onEnd)
Iterate through each data tick in a stream and call a callback with that data. Similar to forEach, but returns a JSON parsed object on the data callback. The stream will error if any tick does not contain valid JSON.
nodeStream.forEach.json(
stream,
function(chunk) {
// chunk will be a JSON parsed object
},
function(err) {
// err is null or an Error object
}
);
wait(stream, onEnd)
Consume an entire stream and call a callback with a buffer of the data.
nodeStream.wait(
stream,
function(err, data) {
// err is null or an Error object
// data is a Buffer object
}
);
wait.obj(stream, onEnd)
Consume an entire stream and call a callback with an array of data. Each tick of the stream is an item in the array.
nodeStream.wait.obj(
stream,
function(err, data) {
// err is null or an Error object
// data is an array
}
);
wait.json(stream, onEnd)
Consume an entire stream and call a callback with a JSON parsed object. Stream will error if the consumed data is not parseable.
nodeStream.wait.json(
stream,
function(err, data) {
// err is null or an Error object
// data is a JSON parsed object
}
);
FAQs
Utilities for consuming, creating and manipulating node streams.
The npm package node-stream receives a total of 21,021 weekly downloads. As such, node-stream popularity was classified as popular.
We found that node-stream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 15 May 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025