Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The plist npm package is a library for Node.js that allows users to parse and build XML Property List (plist) data. Property lists are a structured file format used primarily by macOS and iOS for storing serialized objects. The plist package provides functionality to convert between plist files and JavaScript objects, making it useful for tasks such as configuration management, data serialization, and interacting with Apple ecosystem data formats.
Parsing plist files
This feature allows you to read and parse plist files into JavaScript objects. The code sample demonstrates how to read a plist file asynchronously and parse its content.
const plist = require('plist');
const fs = require('fs');
fs.readFile('example.plist', 'utf8', function(err, data) {
if (err) throw err;
const parsedData = plist.parse(data);
console.log(parsedData);
});
Building plist files
This feature allows you to create plist files from JavaScript objects. The code sample shows how to convert an object into plist format and then write it to a file.
const plist = require('plist');
const fs = require('fs');
const obj = {
key1: 'value1',
key2: 'value2'
};
const plistContent = plist.build(obj);
fs.writeFile('example.plist', plistContent, function(err) {
if (err) throw err;
console.log('Plist file has been saved!');
});
simple-plist is another npm package that provides similar functionality to plist. It allows for reading and writing plist files. Compared to plist, simple-plist may offer a simpler API and potentially fewer features, focusing on basic plist operations.
bplist-parser is a package specifically designed to parse binary plist files. While plist handles both XML and binary formats, bplist-parser is optimized for binary plists, which might make it faster or more efficient for that specific use case.
Provides facilities for reading and writing Mac OS X Plist (property list) files. These are often used in programming OS X and iOS applications, as well as the iTunes configuration XML file.
Plist files represent stored programming "object"s. They are very similar to JSON. A valid Plist file is representable as a native JavaScript Object and vice-versa.
Install using npm
:
$ npm install --save plist
Then require()
the plist module in your file:
var plist = require('plist');
// now use the `parse()` and `build()` functions
var val = plist.parse('<plist><string>Hello World!</string></plist>');
console.log(val); // "Hello World!"
Include the dist/plist.js
in a <script>
tag in your HTML file:
<script src="plist.js"></script>
<script>
// now use the `parse()` and `build()` functions
var val = plist.parse('<plist><string>Hello World!</string></plist>');
console.log(val); // "Hello World!"
</script>
Parsing a plist from filename
var plist = require('plist');
var obj = plist.parseFileSync('myPlist.plist');
console.log(JSON.stringify(obj));
Parsing a plist from string payload
var plist = require('plist');
var obj = plist.parseStringSync('<plist><string>Hello World!</string></plist>');
console.log(obj); // Hello World!
Given an existing JavaScript Object, you can turn it into an XML document that complies with the plist DTD:
var plist = require('plist');
console.log(plist.build({'foo' : 'bar'}).toString());
(The MIT License)
Copyright (c) 2010-2014 Nathan Rajlich nathan@tootallnate.net
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Apple's property list parser/builder for Node.js and browsers
The npm package plist receives a total of 2,234,926 weekly downloads. As such, plist popularity was classified as popular.
We found that plist demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.