Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
reed-solomon
Advanced tools
Reed-Solomon erasure coding in pure Javascript. A Javascript port of the JavaReedSolomon library released by Backblaze. For an introduction to erasure coding, see the post by Brian Beach on the Backblaze blog. Special thanks to Backblaze.
reed-solomon
is licensed under the MIT License, which means that you can use it in your own projects for free. You can even use it in commercial projects.
npm install reed-solomon
Data redundancy is typically achieved through mirroring or replication at a cost of 3x the original data. With Reed-Solomon erasure codes, you can achieve better redundancy at a cost of only 1.5x the original data, for example. Various storage efficiencies of 1.4x and 1.18x are also possible. You can trade storage efficiency, redundancy and recovery time by fine-tuning the number of data shards and parity shards you use.
reed-solomon
includes a Javascript binding as well as an optional native binding (and simple benchmark):
ReedSolomon(17, 3)
1,8 GHz Intel Core i5
Binding: Native
Encode: 400.00 MB/s
Decode: 369.57 MB/s
Binding: Javascript
Encode: 195.68 MB/s
Decode: 193.18 MB/s
The Javascript binding will be used if the native binding has not been compiled. To compile the native binding, install node-gyp globally:
sudo npm install node-gyp -g
Then build the binding from within the reed-solomon
module directory:
cd node_modules/reed-solomon
node-gyp rebuild
Divide a single Buffer
into an Array
of fixed-size data shards, then use reed-solomon
to compute as many parity shards as you need. If you lose some data shards or some parity shards (no more than the number of parity shards you added), you can use reed-solomon
to reconstruct the missing data and parity shards.
var ReedSolomon = require('reed-solomon');
var dataShards = 6;
var parityShards = 3;
var shardSize = 1024 * 1024;
var shards = [
// Data shards (containing user data):
<Buffer (shardSize) >,
<Buffer (shardSize) >,
<Buffer (shardSize) >,
<Buffer (shardSize) >,
<Buffer (shardSize) >,
<Buffer (shardSize) >,
// Parity shards:
new Buffer(shardSize),
new Buffer(shardSize),
new Buffer(shardSize)
];
var rs = new ReedSolomon(dataShards, parityShards);
var offset = 0; // The offset of each shard within each buffer.
var size = shardSize; // The size of each shard within each buffer.
rs.encode(shards, offset, size);
// Parity shards now contain parity data.
rs.isParityCorrect(shards, offset, size); // true/false
// Corrupt a data shard:
shards[0] = new Buffer(shardSize);
// Corrupt a parity shard:
shards[shards.length - 1] = new Buffer(shardSize);
// We still have enough parity to corrupt another shard.
// Decode the corrupted data and parity shards:
var present = [
false, // We indicate that shard 1/9 is corrupt. This is a data shard.
true,
true,
true,
true,
true,
true,
true,
false // We indicate that shard 9/9 is corrupt. This is a parity shard.
];
rs.decode(shards, offset, size, present);
// Shards 1 and 9 have been repaired.
reed-solomon
ships with extensive tests, including a long-running fuzz test.
cd node-modules/reed-solomon
node test.js
FAQs
This package is no longer supported and has been deprecated. To avoid malicious use, npm is hanging on to the package name.
The npm package reed-solomon receives a total of 6 weekly downloads. As such, reed-solomon popularity was classified as not popular.
We found that reed-solomon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.