Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
stream-transform
Advanced tools
Object transformations implementing the Node.js `stream.Transform` API
The stream-transform package is a simple and powerful tool for transforming data in Node.js streams. It allows you to easily modify data as it passes through a stream, making it highly useful for tasks such as data manipulation, filtering, and aggregation in real-time data processing applications.
Synchronous Transformation
This feature allows for synchronous data transformation within a stream. The provided code sample demonstrates how to read data from a CSV file, transform each record by joining its elements with a space, and then output the transformed data.
const transform = require('stream-transform');
const transformer = transform(function(record, callback){
setTimeout(function(){
callback(null, record.join(' ') + '\n');
}, 500);
}, {parallel: 5});
require('fs').createReadStream('/path/to/source.csv').pipe(transformer).pipe(process.stdout);
Asynchronous Transformation
This feature supports asynchronous transformation of stream data. The code sample shows how to asynchronously convert each piece of data to uppercase before passing it through the stream.
const transform = require('stream-transform');
const transformer = transform(function(record, callback){
process.nextTick(function(){
callback(null, record.toUpperCase());
});
});
require('fs').createReadStream('/path/to/source.txt').pipe(transformer).pipe(process.stdout);
Through2 is a tiny wrapper around Node.js streams.Transform that makes it easier to create transform streams. It is similar to stream-transform in providing a simple API for data transformation but differs in its implementation and customization options.
Event-stream is a toolkit for working with Node.js streams in a functional programming style, offering a variety of utilities for creating, combining, and consuming streams. While it provides more general stream manipulation capabilities, it shares the ability to transform stream data with stream-transform.
The stream-transform
project is a simple object transformation framework. It is part of the CSV project.
The Node.js stream.Transform
API is implemented for scalability. The callback-based and sync APIs are also available for convenience. It is both easy to use and powerful.
Run npm install csv
to install the full CSV module or run npm install csv-transform
if you are only interested by the CSV stringifier.
The module is built on the Node.js Stream API. Use the callback and sync APIs for simplicity or the stream based API for scalability.
The API is available in multiple flavors. This example illustrates the sync API.
import { transform } from "stream-transform/sync";
import assert from "assert";
const records = transform(
[
["a", "b", "c", "d"],
["1", "2", "3", "4"],
],
function (record) {
record.push(record.shift());
return record;
},
);
assert.deepEqual(records, [
["b", "c", "d", "a"],
["2", "3", "4", "1"],
]);
Tests are executed with mocha. To install it, simple run npm install
followed by npm test
. It will install mocha and its dependencies in your project "node_modules" directory and run the test suite. The tests run against the CoffeeScript source files.
To generate the JavaScript files, run npm run coffee
.
The test suite is run online with Travis. See the Travis definition file to view the tested Node.js version.
The project is sponsored by Adaltas, an Big Data consulting firm based in Paris, France.
FAQs
Object transformations implementing the Node.js `stream.Transform` API
We found that stream-transform demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.