Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
p2p-media-loader-hlsjs
P2P Media Loader is an open-source JavaScript library that leverages modern web browser features, such as HTML5 video and WebRTC, to enable media delivery over peer-to-peer (P2P) connections. It integrates smoothly with many popular HTML5 video players and works entirely without browser plugins or add-ons. Experience it in action with the demo.
By leveraging P2P technology, it greatly reduces reliance on traditional content delivery network (CDN) resources, lowers costs, and enhances the ability to deliver media streams to a larger audience.
This library enables the creation of huge P2P mesh networks, also known as a peer-to-peer content delivery network (P2P CDN), peer-to-peer television (P2PTV), or Enterprise Content Delivery Network (eCDN), which allow traffic sharing among users who are simultaneously viewing the same live or video on demand (VOD) stream via HLS or MPEG-DASH protocols.
All the components of the P2P network are free and open-source.
P2P Media Loader web browser requirements are:
A STUN server is used by WebRTC to gather ICE candidates. Many running public servers are available on the Public STUN server list.
A compatible WebTorrent tracker is required for WebRTC signaling and to create swarms of peers downloading the same media stream. A few running public trackers are available: https://tracker.novage.com.ua/, https://tracker.webtorrent.dev/, https://openwebtorrent.com/.
It is possible to run a personal WebTorrent tracker using open-source implementations: wt-tracker, Aquatic, OpenWebtorrent Tracker, bittorrent-tracker.
P2P Media Loader is configured to use public STUN and WebTorrent servers by default. This means that no server-side software is required for the P2P network to function in simple use cases.
A web browser runs a video player that integrates with the P2P Media Loader library. Each instance of the library is referred to as a peer, and collectively, many peers form the P2P network.
P2P Media Loader initially downloads media segments over HTTP(S) from a source server or CDN to start media playback quickly. If no peers are available, it continues to download segments over HTTP(S), similar to a traditional media stream.
Subsequently, P2P Media Loader transmits media stream details and connection information, such as ICE candidates, to WebTorrent trackers. These trackers provide a list of other peers who are accessing the same media stream.
P2P Media Loader then connects with these peers to download additional media segments and simultaneously shares segments that it has already downloaded.
Periodically, random peers in the P2P swarm download new segments over HTTP(S) and distribute them to others via P2P.
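Since trackers receive stream details and ICE candidates, and the defaults point at public STUN and tracker servers, a deployment may want to check which hosts its settings actually contact. The following is an added example, not code from P2P Media Loader: `auditP2PEndpoints`, the `settings.trackers` field and the `.example` hosts are hypothetical, and requiring `wss` for trackers is an assumed policy.

```javascript
// Public tracker hosts named on this page.
const PUBLIC_TRACKER_HOSTS = new Set([
  "tracker.novage.com.ua",
  "tracker.webtorrent.dev",
  "openwebtorrent.com",
]);

// Extract scheme and host from a ws(s)/http(s) URL or a stun:/turn: URI (host[:port]).
function endpointHost(uri) {
  const ice = /^(stuns?|turns?):(\[[^\]]+\]|[^:?]+)(?::\d+)?(?:\?.*)?$/i.exec(uri);
  if (ice) return { scheme: ice[1].toLowerCase(), host: ice[2].toLowerCase() };
  const u = new URL(uri); // throws on malformed input; the caller reports it
  if (!u.hostname) throw new Error("no host in URI");
  return { scheme: u.protocol.replace(/:$/, ""), host: u.hostname.toLowerCase() };
}

// `settings.trackers` is a hypothetical field name; `iceServers` follows the
// standard WebRTC RTCConfiguration shape (urls: string | string[]).
function auditP2PEndpoints(settings, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const uris = [
    ...(settings.trackers || []).map((uri) => ({ kind: "tracker", uri })),
    ...(settings.iceServers || []).flatMap((s) =>
      [].concat(s.urls).map((uri) => ({ kind: "ice", uri }))),
  ];
  return uris.map(({ kind, uri }) => {
    const issues = [];
    let host = null;
    try {
      const parsed = endpointHost(uri);
      host = parsed.host;
      if (!allowed.has(host)) issues.push("host-not-allowlisted");
      if (kind === "tracker" && PUBLIC_TRACKER_HOSTS.has(host)) issues.push("public-tracker");
      if (kind === "tracker" && parsed.scheme !== "wss") issues.push("tracker-not-wss");
    } catch {
      issues.push("unparseable-uri");
    }
    return { kind, uri, host, issues };
  });
}

// Constructed sample settings (not the library's defaults).
const sample = {
  trackers: ["wss://tracker.novage.com.ua", "ws://tracker.internal.example:8000"],
  iceServers: [{ urls: ["stun:stun.internal.example:3478", "stun:stun.public.example"] }],
};
const report = auditP2PEndpoints(sample, ["tracker.internal.example", "stun.internal.example"]);
console.log(report.filter((r) => r.issues.length));
```

The same allowlist can feed a Content-Security-Policy `connect-src` directive for the tracker WebSocket hosts.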
All features listed below are fully supported across the following browsers:
Supported Features:
FAQs
P2P Media Loader hls.js integration
The npm package p2p-media-loader-hlsjs receives a total of 351 weekly downloads. As such, p2p-media-loader-hlsjs popularity was classified as not popular.
We found that p2p-media-loader-hlsjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.