Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
PNG encoder/decoder in pure JS, supporting any bit size & interlace, async & sync with full test suite.
Simple PNG encoder/decoder for Node.js with no dependencies.
Based on pngjs with the follow enhancements.
tTRNS
transparent coloursKnown lack of support for:
Name | Forked From | Sync | Async | 16 Bit | 1/2/4 Bit | Interlace | Gamma | Encodes | Tested |
---|---|---|---|---|---|---|---|---|---|
pngjs2 | pngjs | Read | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
node-png | pngjs | No | Yes | No | No | No | Hidden | Yes | Manual |
pngjs | No | Yes | No | No | No | Hidden | Yes | Manual | |
png-coder | pngjs | No | Yes | Yes | No | No | Hidden | Yes | Manual |
pngparse | No | Yes | No | Yes | No | No | No | Yes | |
pngparse-sync | pngparse | Yes | No | No | Yes | No | No | No | Yes |
png-async | No | Yes | No | No | No | No | Yes | Yes | |
png-js | No | Yes | No | No | No | No | No | No |
Native C++ node decoders:
Tested using PNG Suite. We read every file into pngjs2, output it in standard 8bit colour, synchronously and asynchronously, then compare the original with the newly saved images.
To run the tests, run node test
.
The only thing not converted is gamma correction - this is because multiple vendors will do gamma correction differently, so the tests will have different results on different browsers.
In addition we use a tolerance of 3 for 16 bit images in PhantomJS because PhantomJS seems to have non-compliant rules for downscaling 16 bit images.
$ npm install pngjs2 --save
var fs = require('fs'),
PNG = require('pngjs2').PNG;
fs.createReadStream('in.png')
.pipe(new PNG({
filterType: 4
}))
.on('parsed', function() {
for (var y = 0; y < this.height; y++) {
for (var x = 0; x < this.width; x++) {
var idx = (this.width * y + x) << 2;
// invert color
this.data[idx] = 255 - this.data[idx];
this.data[idx+1] = 255 - this.data[idx+1];
this.data[idx+2] = 255 - this.data[idx+2];
// and reduce opacity
this.data[idx+3] = this.data[idx+3] >> 1;
}
}
this.pack().pipe(fs.createWriteStream('out.png'));
});
For more examples see examples
folder.
As input any color type is accepted (grayscale, rgb, palette, grayscale with alpha, rgb with alpha) but 8 bit per sample (channel) is the only supported bit depth. Interlaced mode is not supported.
PNG
is readable and writable Stream
.
width
- use this with height
if you want to create png from scratchheight
- as abovecheckCRC
- whether parser should be strict about checksums in source stream (default: true
)deflateChunkSize
- chunk size used for deflating data chunks, this should be power of 2 and must not be less than 256 and more than 32*1024 (default: 32 kB)deflateLevel
- compression level for delate (default: 9)deflateStrategy
- compression strategy for delate (default: 3)deflateFactory
- deflate stream factory (default: zlib.createDeflate
)filterType
- png filtering method for scanlines (default: -1 => auto, accepts array of numbers 0-4)colorType
- the output colorType - see constants. 2 = color, no alpha, 6 = color & alpha. Default currently 6, but in the future may calculate best mode.inputHasAlpha
- whether the input bitmap has 4 bits per pixel (rgb and alpha) or 3 (rgb - no alpha).function(metadata) { }
Image's header has been parsed, metadata contains this information:
width
image size in pixelsheight
image size in pixelspalette
image is palettedcolor
image is not grayscalealpha
image contains alpha channelinterlace
image is interlacedfunction(data) { }
Input image has been completly parsed, data
is complete and ready for modification.
function(error) { }
Parses PNG file data. Can be String
or Buffer
. Alternatively you can stream data to instance of PNG.
Optional callback
is once called on error
or parsed
. The callback gets
two arguments (err, data)
.
Returns this
for method chaining.
new PNG({ filterType:4 }).parse( imageData, function(error, data)
{
console.log(error, data)
});
Starts converting data to PNG file Stream.
Returns this
for method chaining.
Helper for image manipulation, copies a rectangle of pixels from current (i.e. the source) image (sx
, sy
, w
, h
) to dst
image (at dx
, dy
).
Returns this
for method chaining.
For example, the following code copies the top-left 100x50 px of in.png
into dst and writes it to out.png
:
var dst = new PNG({width: 100, height: 50});
fs.createReadStream('in.png')
.pipe(new PNG())
.on('parsed', function() {
this.bitblt(dst, 0, 0, 100, 50, 0, 0);
dst.pack().pipe(fs.createWriteStream('out.png'));
});
Helper that takes data and adjusts it to be gamma corrected. Note that it is not 100% reliable with transparent colours because that requires knowing the background colour the bitmap is rendered on to.
In tests against PNG suite it compared 100% with chrome on all 8 bit and below images. On IE there were some differences.
The following example reads a file, adjusts the gamma (which sets the gamma to 0) and writes it out again, effectively removing any gamma correction from the image.
fs.createReadStream('in.png')
.pipe(new PNG())
.on('parsed', function() {
this.adjustGamma();
this.pack().pipe(fs.createWriteStream('out.png'));
});
Width of image in pixels
Height of image in pixels
Buffer of image pixel data. Every pixel consists 4 bytes: R, G, B, A (opacity).
Gamma of image (0 if not specified)
Take a buffer and returns a PNG image. The properties on the image include the meta data and data
as per the async API above.
var data = fs.readFileSync('in.png');
var png = PNG.sync.read(data);
Adjusts the gamma of a sync image. See the async adjustGamma.
var data = fs.readFileSync('in.png');
var png = PNG.sync.read(data);
PNG.adjustGamma(png);
(The MIT License)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
2.0.0 - 08/10/2015
FAQs
PNG encoder/decoder in pure JS, supporting any bit size & interlace, async & sync with full test suite.
The npm package pngjs2 receives a total of 4,105 weekly downloads. As such, pngjs2 popularity was classified as popular.
We found that pngjs2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.