Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
prismarine-nbt
Advanced tools
Prismarine-NBT is a JavaScript parser and serializer for NBT archives. It supports big, little, and little-varint encoded NBT files.
const fs = require('fs')
const nbt = require('prismarine-nbt')
async function main(file) {
const buffer = fs.readFileSync(file)
const { parsed, type } = await nbt.parse(buffer)
console.log('JSON serialized', JSON.stringify(parsed, null, 2))
fs.createWriteStream('bigtest.nbt').write(nbt.writeUncompressed(parsed, type)) // Write it back
}
main('bigtest.nbt')
var fs = require('fs'),
nbt = require('prismarine-nbt');
fs.readFile('bigtest.nbt', function(error, data) {
if (error) throw error;
nbt.parse(data, function(error, data) {
console.log(data.value.stringTest.value);
console.log(data.value['nested compound test'].value);
});
});
If the data is gzipped, it is automatically decompressed, for the buffer see metadata.buffer
Takes an optionally compressed data
buffer and reads the nbt data.
If the endian format
is known, it can be specified as 'big', 'little' or 'littleVarint'. If not specified, the library will
try to sequentially load as big, little and little varint until the parse is successful. The deduced type is returned as type
.
Minecraft Java Edition uses big-endian format, and Bedrock uses little-endian.
Returns a buffer with a serialized nbt value
.
Takes a buffer data
and returns a parsed nbt value.
The options
parameter is optional. When noArraySizeCheck
is true
, an array size check is disabled which allows for parsing of large arrays.
Takes a buffer data
and returns a parsed nbt value. If the buffer is gzipped, it will unzip the data first.
The options
parameter is optional. When noArraySizeCheck
is true
, an array size check is disabled which allows for parsing of large arrays.
Returns a simplified nbt representation : keep only the value to remove one level. This loses the types so you cannot use the resulting representation to write it back to nbt.
Checks whether two NBT objects are equal, returns a boolean.
Provides compiled protodef instances used to parse and serialize nbt
Provide the big-endian protodef instance used to parse and serialize nbt.
Provide the little-endian protodef instance used to parse and serialize little endian nbt.
Adds prismarine-nbt types to an ProtoDef compiler instance
Adds prismarine-nbt types to a ProtoDef interpreter instance
Provides a way to build complex nbt structures simply:
const nbt = require('prismarine-nbt')
const tag = nbt.comp({
Air: nbt.short(300),
Armor: nbt.list(nbt.comp([
{ Count: nbt.byte(0), Damage: nbt.short(0), Name: nbt.string('a') },
{ Count: nbt.byte(0), Damage: nbt.short(0), Name: nbt.string('b') },
{ Count: nbt.byte(0), Damage: nbt.short(0), Name: nbt.string('c') }
]))
})
nbt.writeUncompressed(tag) // now do something with this nbt buffer...
See index.d.ts for methods
For webpack usage, see an example configuration here.
For a web bundle with browserify (after you ran npm install prismarine-nbt
in your project):
npx browserify -r prismarine-nbt -r buffer -o pnbt.js
<script src="./pnbt.js"></script>
<script>
const nbt = require('prismarine-nbt')
const { Buffer } = require('buffer')
fetch('test.nbt').then(resp => resp.arrayBuffer())
.then(buf => nbt.parse(Buffer.from(buf))).then(console.log)
</script>
2.7.0
FAQs
A parser and serializer for NBT archives
The npm package prismarine-nbt receives a total of 9,680 weekly downloads. As such, prismarine-nbt popularity was classified as popular.
We found that prismarine-nbt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.