pako
Package description
The pako npm package is a high-speed zlib port to JavaScript which works in the browser and node.js. It provides compression and decompression functionalities using the zlib library, which is widely used for data compression.
Compression
This feature allows you to compress a string or binary data using pako's deflate method.
```javascript
const pako = require('pako');
const input = 'String to compress';
const compressed = pako.deflate(input);
```
Decompression
This feature allows you to decompress data that was compressed using pako's deflate method or compatible zlib compression.
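```javascript
const pako = require('pako');
// Any previously compressed Uint8Array works here; one is produced inline so the snippet runs
const compressed = pako.deflate('String to compress');
const decompressed = pako.inflate(compressed); // Uint8Array
```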
Gzip Compression
This feature allows you to compress data using gzip, which is a file format and a software application used for file compression and decompression.
```javascript
const pako = require('pako');
const input = 'String to compress';
const compressed = pako.gzip(input);
```
Gzip Decompression
This feature allows you to decompress data that was compressed using pako's gzip method.
```javascript
const pako = require('pako');
// Any previously gzip-compressed Uint8Array works here; one is produced inline so the snippet runs
const compressed = pako.gzip('String to compress');
const decompressed = pako.ungzip(compressed); // Uint8Array
```
The zlib package is a core module in Node.js for compression/decompression. It is similar to pako but is built into Node.js and does not work in the browser without additional bundling or shimming.
JSZip is a library for creating, reading, and editing .zip files with JavaScript, with a lovely and simple API. While pako focuses on zlib compression, JSZip provides additional functionalities to handle zip files.
Compressjs is a pure JavaScript implementation of various data compression algorithms, such as Huffman coding and Burrows-Wheeler transform. It offers a wider range of algorithms than pako, but it might not be as optimized for speed.
fflate is a high-performance, low-level deflate/inflate compression library that is faster than pako on most benchmarks. It is a newer library that focuses on performance and efficiency.
Changelog
[0.2.8] - 2015-09-14
Readme
Why pako is cool:
This project was done to understand how fast JS can be and whether it is necessary to develop native C modules for CPU-intensive tasks. Enjoy the result!
Famous projects, using pako:
Benchmarks:
node v0.10.26, 1mb sample:
deflate-dankogai x 4.73 ops/sec ±0.82% (15 runs sampled)
deflate-gildas x 4.58 ops/sec ±2.33% (15 runs sampled)
deflate-imaya x 3.22 ops/sec ±3.95% (12 runs sampled)
! deflate-pako x 6.99 ops/sec ±0.51% (21 runs sampled)
deflate-pako-string x 5.89 ops/sec ±0.77% (18 runs sampled)
deflate-pako-untyped x 4.39 ops/sec ±1.58% (14 runs sampled)
* deflate-zlib x 14.71 ops/sec ±4.23% (59 runs sampled)
inflate-dankogai x 32.16 ops/sec ±0.13% (56 runs sampled)
inflate-imaya x 30.35 ops/sec ±0.92% (53 runs sampled)
! inflate-pako x 69.89 ops/sec ±1.46% (71 runs sampled)
inflate-pako-string x 19.22 ops/sec ±1.86% (49 runs sampled)
inflate-pako-untyped x 17.19 ops/sec ±0.85% (32 runs sampled)
* inflate-zlib x 70.03 ops/sec ±1.64% (81 runs sampled)
node v0.11.12, 1mb sample:
deflate-dankogai x 5.60 ops/sec ±0.49% (17 runs sampled)
deflate-gildas x 5.06 ops/sec ±6.00% (16 runs sampled)
deflate-imaya x 3.52 ops/sec ±3.71% (13 runs sampled)
! deflate-pako x 11.52 ops/sec ±0.22% (32 runs sampled)
deflate-pako-string x 9.53 ops/sec ±1.12% (27 runs sampled)
deflate-pako-untyped x 5.44 ops/sec ±0.72% (17 runs sampled)
* deflate-zlib x 14.05 ops/sec ±3.34% (63 runs sampled)
inflate-dankogai x 42.19 ops/sec ±0.09% (56 runs sampled)
inflate-imaya x 79.68 ops/sec ±1.07% (68 runs sampled)
! inflate-pako x 97.52 ops/sec ±0.83% (80 runs sampled)
inflate-pako-string x 45.19 ops/sec ±1.69% (57 runs sampled)
inflate-pako-untyped x 24.35 ops/sec ±2.59% (40 runs sampled)
* inflate-zlib x 60.32 ops/sec ±1.36% (69 runs sampled)
zlib's test is partially affected by marshalling (that makes sense for inflate only). You can change the deflate level to 0 in the benchmark source to investigate details. For deflate level 6, results can be considered correct.
Install:
node.js:
npm install pako
browser:
bower install pako
Full docs - http://nodeca.github.io/pako/
```javascript
var pako = require('pako');

// Deflate
//
var input = new Uint8Array();
//... fill input data here
var output = pako.deflate(input);

// Inflate (simple wrapper can throw exception on broken stream)
//
var compressed = new Uint8Array();
//... fill data to uncompress here
try {
  var result = pako.inflate(compressed);
} catch (err) {
  console.log(err);
}

//
// Alternate interface for chunking & without exceptions
//
var inflator = new pako.Inflate();

// chunk1 ... chunkN are consecutive pieces of the compressed stream
inflator.push(chunk1, false);
inflator.push(chunk2, false);
// ...
inflator.push(chunkN, true); // true -> last chunk

if (inflator.err) {
  console.log(inflator.msg);
}

var output = inflator.result;
```
Sometimes you may want to work with strings, for example to send big objects as JSON to a server. Pako detects the input data type. You can force the output to be a string with the option { to: 'string' }.
```javascript
var pako = require('pako');

var test = { my: 'super', puper: [456, 567], awesome: 'pako' };

var binaryString = pako.deflate(JSON.stringify(test), { to: 'string' });

//
// Here you can do base64 encode, make xhr requests and so on.
//

var restored = JSON.parse(pako.inflate(binaryString, { to: 'string' }));
```
Pako does not contain some specific zlib functions:
deflateCopy, deflateBound, deflateParams, deflatePending, deflatePrime, deflateSetDictionary, deflateTune.
inflateGetDictionary, inflateCopy, inflateMark, inflatePrime, inflateSetDictionary, inflateSync, inflateSyncPoint, inflateUndermine.
Personal thanks to:
MIT
FAQs
We found that pako demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.