Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
snappyjs
Advanced tools
Readme
A pure JavaScript implementation of Google's Snappy compression library.
This implementation is reasonably fast (see benchmark below). It takes advantage of ArrayBuffer
.
If using with Node.js,
npm install snappyjs
If using with Bower,
bower install snappyjs
SnappyJS works with Node.js 10.x or later.
var SnappyJS = require('snappyjs')
var buffer = new ArrayBuffer(100)
// fill data in buffer
var compressed = SnappyJS.compress(buffer)
var uncompressed = SnappyJS.uncompress(compressed)
You can also use SnappyJS in browser. Adding dist/snappyjs.js
or dist/snappyjs.min.js
will introduce SnappyJS
in the global scope.
SnappyJS relies on ArrayBuffer
. All major browsers support it now (http://caniuse.com/#feat=typedarrays). Also, as I tested, SnappyJS has high performance on latest version of Google Chrome, Safari, Firefox, and Microsoft Edge.
When using webpack to build your project, and you plan to only use ArrayBuffer
or Uint8Array
as input parameters, make sure to put the following in your webpack config to prevent it from automatically bundling a Buffer
polyfill:
node: {
Buffer: false,
}
Compress input
, which must be type of ArrayBuffer
, Buffer
, or Uint8Array
.
Compressed byte stream is returned, with same type of input
.
Uncompress compressed
, which must be type of ArrayBuffer
, Buffer
, or Uint8Array
.
Uncompressed byte stream is returned, with same type of compressed
.
If maxLength
is provided, uncompress function will throw an exception if the data length
encoded in the header exceeds maxLength
. This is a protection mechanism for malicious data stream.
Although JavaScript is dynamic-typing, all major JS engines are highly optimized. Thus well-crafted JavaScript code can have competitive performance even compared to native C++ code.
I benchmark SnappyJS against node-snappy
(which is Node.js binding of native implementation).
Command for benchmark is node benchmark
. Below is the result running on Node.js v5.5.0.
Real text #1 (length 618425, byte length 618425), repeated 100 times:
node-snappy#compress x 2.31 ops/sec ±1.47% (10 runs sampled)
snappyjs#compress x 0.91 ops/sec ±0.92% (7 runs sampled)
node-snappy#uncompress x 7.22 ops/sec ±4.07% (22 runs sampled)
snappyjs#uncompress x 2.45 ops/sec ±1.53% (11 runs sampled)
Real text #2 (length 3844590, byte length 3844591), repeated 10 times:
node-snappy#compress x 7.68 ops/sec ±2.78% (23 runs sampled)
snappyjs#compress x 3.56 ops/sec ±1.44% (13 runs sampled)
node-snappy#uncompress x 17.94 ops/sec ±4.71% (33 runs sampled)
snappyjs#uncompress x 7.24 ops/sec ±2.57% (22 runs sampled)
Random string (length 1000000, byte length 1500098), repeated 50 times:
node-snappy#compress x 6.69 ops/sec ±5.23% (21 runs sampled)
snappyjs#compress x 2.39 ops/sec ±2.54% (10 runs sampled)
node-snappy#uncompress x 14.94 ops/sec ±6.90% (40 runs sampled)
snappyjs#uncompress x 5.92 ops/sec ±4.28% (19 runs sampled)
Random string (length 100, byte length 147), repeated 100000 times:
node-snappy#compress x 4.17 ops/sec ±2.96% (15 runs sampled)
snappyjs#compress x 5.45 ops/sec ±1.51% (18 runs sampled)
node-snappy#uncompress x 4.39 ops/sec ±3.83% (15 runs sampled)
snappyjs#uncompress x 14.01 ops/sec ±2.06% (38 runs sampled)
From the result, we see that SnappyJS has 35%~45% performance of native implementation.
If input size is small, SnappyJS may have better performance than node-snappy
.
It is because calling native function in JS is much more expensive than calling JS function.
MIT License
FAQs
JavaScript implementation of Google's Snappy compression library
The npm package snappyjs receives a total of 184,896 weekly downloads. As such, snappyjs popularity was classified as popular.
We found that snappyjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.