Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
readable-stream
Advanced tools
Node.js Streams, a user-land copy of the stream library from Node.js
The readable-stream package is a userland stream module, compatible with the built-in stream module provided by Node.js. It offers the same interface and functionality as the native module, but with additional updates and bug fixes. It is particularly useful for ensuring consistent stream behavior across different Node.js versions.
Creating a readable stream
This feature allows you to create a readable stream that you can pipe to other streams or consume manually. The 'read' method is called when the stream wants to pull more data.
const { Readable } = require('readable-stream');
const myReadableStream = new Readable({
read(size) {
this.push('some data');
this.push(null); // No more data
}
});
myReadableStream.on('data', (chunk) => {
console.log(chunk.toString());
});
Creating a writable stream
This feature allows you to create a writable stream where you can write data. The 'write' method is called when the stream receives data to write.
const { Writable } = require('readable-stream');
const myWritableStream = new Writable({
write(chunk, encoding, callback) {
process.stdout.write(chunk);
callback();
}
});
process.stdin.pipe(myWritableStream);
Creating a transform stream
This feature allows you to create a transform stream that can modify data as it is read from a readable stream before it is written to a writable stream.
const { Transform } = require('readable-stream');
const myTransformStream = new Transform({
transform(chunk, encoding, callback) {
this.push(chunk.toString().toUpperCase());
callback();
}
});
process.stdin.pipe(myTransformStream).pipe(process.stdout);
Creating a duplex stream
This feature allows you to create a duplex stream that is both readable and writable. It can be used to read data from one source and write to another.
const { Duplex } = require('readable-stream');
const myDuplexStream = new Duplex({
read(size) {
this.push('data from read method');
this.push(null);
},
write(chunk, encoding, callback) {
console.log(chunk.toString());
callback();
}
});
myDuplexStream.on('data', (chunk) => {
console.log(chunk.toString());
});
myDuplexStream.write('data for write method');
Through2 is a tiny wrapper around Node.js streams.Transform that makes it easier to create transform streams. It is similar to readable-stream's Transform, but with a simpler API for most common use cases.
Highland.js manages synchronous and asynchronous code easily, using nothing more than standard JavaScript and Node-like streams. It is more functional in nature compared to readable-stream and provides a higher level abstraction for handling streams.
Stream-browserify is a browser-compatible version of Node.js' core stream module, similar to readable-stream. It allows the use of Node.js-style streams in the browser, but it is specifically designed to polyfill the native Node.js stream module for browser use.
Buffer List (bl) is a storage object for collections of Node Buffers, which can be used with streams. Unlike readable-stream, it focuses on buffering and manipulating binary data rather than providing the stream API itself.
Node.js core streams for userland
npm install readable-stream
This package is a mirror of the streams implementations in Node.js 18.19.0.
Full documentation may be found on the Node.js website.
If you want to guarantee a stable streams base, regardless of what version of Node you, or the users of your libraries are using, use readable-stream only and avoid the "stream" module in Node-core, for background see this blogpost.
As of version 2.0.0 readable-stream uses semantic versioning.
v4.x.x of readable-stream
is a cut from Node 18. This version supports Node 12, 14, 16 and 18, as well as evergreen browsers.
The breaking changes introduced by v4 are composed of the combined breaking changes in:
This also includes many new features.
v3.x.x of readable-stream
is a cut from Node 10. This version supports Node 6, 8, and 10, as well as evergreen browsers, IE 11 and latest Safari. The breaking changes introduced by v3 are composed by the combined breaking changes in Node v9 and Node v10, as follows:
v2.x.x of readable-stream
is a cut of the stream module from Node 8 (there have been no semver-major changes from Node 4 to 8). This version supports all Node.js versions from 0.8, as well as evergreen browsers and IE 10 & 11.
You can swap your require('stream')
with require('readable-stream')
without any changes, if you are just using one of the main classes and
functions.
const {
Readable,
Writable,
Transform,
Duplex,
pipeline,
finished
} = require('readable-stream')
Note that require('stream')
will return Stream
, while
require('readable-stream')
will return Readable
. We discourage using
whatever is exported directly, but rather use one of the properties as
shown in the example above.
You will need a bundler like browserify
, webpack
, parcel
or similar. Polyfills are no longer required since version 4.2.0.
readable-stream
is maintained by the Streams Working Group, which
oversees the development and maintenance of the Streams API within
Node.js. The responsibilities of the Streams Working Group include:
readable-stream
to be included in Node.js.FAQs
Node.js Streams, a user-land copy of the stream library from Node.js
The npm package readable-stream receives a total of 144,185,814 weekly downloads. As such, readable-stream popularity was classified as popular.
We found that readable-stream demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.