Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The ssf npm package is a format library for handling spreadsheet string formats. It allows users to format numbers and dates in a way that is consistent with spreadsheet software like Microsoft Excel or Google Sheets. This can be particularly useful for applications that deal with data export, reporting, or any form of data presentation that requires spreadsheet-like formatting.
Number Formatting
This feature allows you to format numbers according to a specified format string. In this example, a number is formatted to two decimal places.
SSF.format('0.00', 123.456); // '123.46'
Date Formatting
This feature enables the formatting of JavaScript Date objects into a string format based on the provided format string. Here, a date is formatted into a YYYY-MM-DD format.
SSF.format('YYYY-MM-DD', new Date(2023, 3, 1)); // '2023-04-01'
Custom Formats
SSF allows for the creation of custom formats to handle specific formatting needs. This example demonstrates how to format numbers into a 'Million' or 'Thousand' string based on their value.
SSF.format('[>999999]#,##0,"Million";#,##0,"Thousand"', 1200000); // '1,200,000,"Million"'
Numbro is a robust formatting library for numbers. It offers extensive options for number formatting, including currency, percentages, and time spans. While it provides similar number formatting capabilities, it lacks the direct spreadsheet-style formatting and date handling that ssf offers.
date-fns provides a comprehensive toolkit for date manipulation and formatting. It excels in handling dates and times, offering a wide range of functions for these purposes. Unlike ssf, date-fns focuses exclusively on dates and does not cover number formatting.
The accounting package is focused on formatting numbers for financial contexts, offering functions for currency formatting, precision rounding, and number formatting. While it shares the number formatting aspect with ssf, it is more narrowly focused on financial applications and does not include date formatting capabilities.
ssf (SpreadSheet Format) is a pure JS library to format data using ECMA-376 spreadsheet format codes (used in popular spreadsheet software packages).
This is the community version. We also offer a pro version with additional features like international support as well as dedicated support.
With npm:
$ npm install ssf
In the browser:
<script src="ssf.js"></script>
The browser exposes a variable SSF.
When installed globally, npm installs a script ssf that renders the format string with the given arguments. Running the script with -h displays help.
The script will manipulate module.exports if available. This is not always desirable. To prevent the behavior, define DO_NOT_EXPORT_SSF.
SSF.format(fmt, val, opts) formats val using the format fmt.
If fmt is a string, it will be parsed and evaluated. If fmt is a number, the actual format will be the corresponding entry in the internal format table. For a raw numeric format like 000, the value should be passed as a string.
Date arguments are interpreted in the local time of the JS client.
The options argument may contain the following keys:
Option Name | Default | Description |
---|---|---|
date1904 | false | Use 1904 date system if true, 1900 system if false |
Binary spreadsheet formats store cell formats in a table and reference by index. This library uses a global table:
SSF._table is the underlying object, mapping numeric keys to format strings.
SSF.load(fmt:string, idx:?number):number assigns the format to the specified index and returns the index. If the index is not specified, SSF will search the table for an unused slot. For compatibility with the XLS and XLSB file formats, custom indices should be in the valid ranges 5-8, 23-26, 41-44, 63-66, 164-382 (see [MS-XLSB] 2.4.655 BrtFmt).
SSF.get_table() gets the internal format table (number to format mapping).
SSF.load_table(table) sets the internal format table.
SSF.parse_date_code(val:number, opts:?any) parses val, returning an object:
type SSFDate = {
D:number; /* number of whole days since relevant epoch, 0 <= D */
y:number; /* integral year portion, epoch_year <= y */
m:number; /* integral month portion, 1 <= m <= 12 */
d:number; /* integral day portion, subject to gregorian YMD constraints */
q:number; /* integral day of week (0=Sunday .. 6=Saturday) 0 <= q <= 6 */
T:number; /* number of seconds since midnight, 0 <= T < 86400 */
H:number; /* integral number of hours since midnight, 0 <= H < 24 */
M:number; /* integral number of minutes since the last hour, 0 <= M < 60 */
S:number; /* integral number of seconds since the last minute, 0 <= S < 60 */
u:number; /* sub-second part of time, 0 <= u < 1 */
}
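The SSFDate fields and the date1904 option described above, as an added example that is not SSF's own code: decodeSerial is a hypothetical helper that decodes a serial date in UTC, so the result does not depend on the client's time zone. It goes beyond the page in handling the 1900 system's fictitious 29 February 1900 (serial 60), and it assumes the 1904 system is the 1900 numbering shifted by 1462 days.

```javascript
// Added example, not SSF source: decode a spreadsheet serial date into the
// SSFDate fields listed above. All names here are hypothetical.
const DAY_MS = 86400000;
const SHIFT_1904 = 1462;                  // assumption: 1904 serial + 1462 = 1900 serial
const BASE_1900 = Date.UTC(1899, 11, 30); // serials 61 and up count from this day

function decodeSerial(val, opts) {
  if (typeof val !== 'number' || !Number.isFinite(val) || val < 0) return null;
  const D = Math.floor(val);              // whole days since the relevant epoch
  const secs = 86400 * (val - D);
  const T = Math.floor(secs);             // seconds since midnight
  let u = secs - T;                       // sub-second remainder
  if (u < 1e-6) u = 0;

  // n is the serial expressed in 1900-system numbering.
  const n = D + (opts && opts.date1904 ? SHIFT_1904 : 0);
  let y, m, d;
  if (n === 0) {
    y = 1900; m = 1; d = 0;               // spreadsheets show serial 0 as 1900-01-00
  } else if (n === 60) {
    y = 1900; m = 2; d = 29;              // day that exists only in the 1900 system
  } else {
    // Serials below 60 sit one day later relative to BASE_1900 than serials
    // above 60, because the fictitious day is counted in between.
    const real = new Date(BASE_1900 + (n < 60 ? n + 1 : n) * DAY_MS);
    y = real.getUTCFullYear();
    m = real.getUTCMonth() + 1;
    d = real.getUTCDate();
  }
  return {
    D, y, m, d,
    q: (n + 6) % 7,                       // 0=Sunday .. 6=Saturday, spreadsheet numbering
    T,
    H: Math.floor(T / 3600),
    M: Math.floor(T / 60) % 60,
    S: T % 60,
    u
  };
}

// Constructed sample inputs.
console.log(decodeSerial(45017.5));               // noon on 2023-04-01
console.log(decodeSerial(0, { date1904: true })); // first day of the 1904 system
```

Rejecting negative and non-finite input before any date arithmetic keeps malformed cell values from a parsed workbook out of downstream formatting.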
SSF.is_date(fmt:string):boolean returns true if fmt encodes a date format.
ssf-cli is a simple NodeJS command line tool for formatting numbers.
Please consult the attached LICENSE file for details. All rights not explicitly granted by the Apache 2.0 license are reserved by the Original Author.
ECMA-376: Office Open XML File Formats
MS-XLS: Excel Binary File Format (.xls) Structure Specification
MS-XLSB: Excel (.xlsb) Binary File Format
FAQs
Format data using ECMA-376 spreadsheet Format Codes
The npm package ssf receives a total of 2,042,493 weekly downloads. As such, ssf is classified as popular.
We found that ssf has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.