Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
readable-stream
Advanced tools
Streams3, a user-land copy of the stream library from Node.js v0.11.x
The readable-stream package is a userland stream module, compatible with the built-in stream module provided by Node.js. It offers the same interface and functionality as the native module, but with additional updates and bug fixes. It is particularly useful for ensuring consistent stream behavior across different Node.js versions.
Creating a readable stream
This feature allows you to create a readable stream that you can pipe to other streams or consume manually. The 'read' method is called when the stream wants to pull more data.
const { Readable } = require('readable-stream');
const myReadableStream = new Readable({
read(size) {
this.push('some data');
this.push(null); // No more data
}
});
myReadableStream.on('data', (chunk) => {
console.log(chunk.toString());
});
Creating a writable stream
This feature allows you to create a writable stream where you can write data. The 'write' method is called when the stream receives data to write.
const { Writable } = require('readable-stream');
const myWritableStream = new Writable({
write(chunk, encoding, callback) {
process.stdout.write(chunk);
callback();
}
});
process.stdin.pipe(myWritableStream);
Creating a transform stream
This feature allows you to create a transform stream that can modify data as it is read from a readable stream before it is written to a writable stream.
const { Transform } = require('readable-stream');
const myTransformStream = new Transform({
transform(chunk, encoding, callback) {
this.push(chunk.toString().toUpperCase());
callback();
}
});
process.stdin.pipe(myTransformStream).pipe(process.stdout);
Creating a duplex stream
This feature allows you to create a duplex stream that is both readable and writable. It can be used to read data from one source and write to another.
const { Duplex } = require('readable-stream');
const myDuplexStream = new Duplex({
read(size) {
this.push('data from read method');
this.push(null);
},
write(chunk, encoding, callback) {
console.log(chunk.toString());
callback();
}
});
myDuplexStream.on('data', (chunk) => {
console.log(chunk.toString());
});
myDuplexStream.write('data for write method');
Through2 is a tiny wrapper around Node.js streams.Transform that makes it easier to create transform streams. It is similar to readable-stream's Transform, but with a simpler API for most common use cases.
Highland.js manages synchronous and asynchronous code easily, using nothing more than standard JavaScript and Node-like streams. It is more functional in nature compared to readable-stream and provides a higher level abstraction for handling streams.
Stream-browserify is a browser-compatible version of Node.js' core stream module, similar to readable-stream. It allows the use of Node.js-style streams in the browser, but it is specifically designed to polyfill the native Node.js stream module for browser use.
Buffer List (bl) is a storage object for collections of Node Buffers, which can be used with streams. Unlike readable-stream, it focuses on buffering and manipulating binary data rather than providing the stream API itself.
Node-core streams for userland
This package is a mirror of the Streams2 and Streams3 implementations in Node-core.
If you want to guarantee a stable streams base, regardless of what version of Node you, or the users of your libraries are using, use readable-stream only and avoid the "stream" module in Node-core.
readable-stream comes in two major versions, v1.0.x and v1.1.x. The former tracks the Streams2 implementation in Node 0.10, including bug-fixes and minor improvements as they are added. The latter tracks Streams3 as it develops in Node 0.11; we will likely see a v1.2.x branch for Node 0.12.
readable-stream uses proper patch-level versioning so if you pin to "~1.0.0"
you’ll get the latest Node 0.10 Streams2 implementation, including any fixes and minor non-breaking improvements. The patch-level versions of 1.0.x and 1.1.x should mirror the patch-level versions of Node-core releases. You should prefer the 1.0.x releases for now and when you’re ready to start using Streams3, pin to "~1.1.0"
FAQs
Node.js Streams, a user-land copy of the stream library from Node.js
The npm package readable-stream receives a total of 143,867,676 weekly downloads. As such, readable-stream popularity was classified as popular.
We found that readable-stream demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.