Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The svgo npm package is a Node.js-based tool for optimizing SVG vector graphics files. SVGO stands for Scalable Vector Graphics Optimizer. It works by applying a series of transformations and optimizations to SVG files to reduce their size without affecting their visual quality. This is particularly useful for web development, where smaller file sizes can lead to faster load times and better performance.
Minify SVG files
This feature allows you to minify SVG files by removing unnecessary data without affecting the rendering of the SVG. The code sample demonstrates how to use the optimize function to minify an SVG string.
const { optimize } = require('svgo');
const svgString = '<svg ...> ... </svg>';
const result = optimize(svgString, { path: 'path/to/svg/file.svg' });
console.log(result.data);
Remove specified attributes
This feature allows you to remove specified attributes from SVG elements. The code sample shows how to use the removeAttributesBySelector plugin to remove the 'fill' attribute from all elements that have it.
const { optimize } = require('svgo');
const svgString = '<svg ...> ... </svg>';
const result = optimize(svgString, {
plugins: [
{
name: 'removeAttributesBySelector',
params: {
selector: '[fill]',
attributes: 'fill'
}
}
]
});
console.log(result.data);
Prettify SVG files
This feature allows you to prettify SVG files by reformatting them with consistent indentation and spacing. The code sample demonstrates how to use the js2svg option with the pretty parameter set to true.
const { optimize } = require('svgo');
const svgString = '<svg ...> ... </svg>';
const result = optimize(svgString, {
plugins: [
'preset-default',
'sortAttrs',
{
name: 'removeAttrs',
params: { attrs: '(stroke|fill)' }
}
],
js2svg: { pretty: true }
});
console.log(result.data);
imagemin-svgo is a plugin for Imagemin, which is a general image optimization framework. While svgo focuses solely on SVG files, Imagemin can handle various image formats when combined with the appropriate plugins. Imagemin-svgo brings the capabilities of svgo to the Imagemin ecosystem.
svg-sprite is a package that takes a set of SVG files and combines them into a single sprite sheet. While svgo optimizes individual SVG files, svg-sprite focuses on creating an efficient way to bundle multiple SVGs for use on the web.
svg-crowbar is a tool designed to extract SVG elements from an HTML document and download them as standalone SVG files. It is different from svgo, which optimizes existing SVG files rather than extracting them from HTML.
english | русский
SVG Optimizer is a Nodejs-based tool for optimizing SVG vector graphics files.
SVG files, especially exported from various editors, usually contains a lot of redundant and useless information such as editor metadata, comments, hidden elements, default or non-optimal values and other stuff that can be safely removed or converted without affecting SVG rendering result.
SVGO has a plugin-based architecture, so almost every optimization is a separate plugin.
Today we have:
<metadata>
<title>
(disabled by default)<desc>
(only non-meaningful by default)<defs>
without id
viewBox
attribute when possible (disabled by default)enable-background
attribute when possiblergb()
to #rrggbb
, from #rrggbb
to #rgb
)<svg>
element (disabled by default)Want to know how it works and how to write your own plugin? Of course you want to.
$ [sudo] npm install -g svgo
Usage:
svgo [OPTIONS] [ARGS]
Options:
-h, --help : Help
-v, --version : Version
-i INPUT, --input=INPUT : Input file, "-" for STDIN
-s STRING, --string=STRING : Input SVG data string
-f FOLDER, --folder=FOLDER : Input folder, optimize and rewrite all *.svg files
-o OUTPUT, --output=OUTPUT : Output file or folder (by default the same as the input), "-" for STDOUT
-p PRECISION, --precision=PRECISION : Set number of digits in the fractional part, overrides plugins params
--config=CONFIG : Config file to extend or replace default
--disable=DISABLE : Disable plugin by name
--enable=ENABLE : Enable plugin by name
--datauri=DATAURI : Output as Data URI string (base64, URI encoded or unencoded)
--pretty : Make SVG pretty printed
--show-plugins : Show available plugins and exit
Arguments:
INPUT : Alias to --input
OUTPUT : Alias to --output
with files:
$ svgo test.svg
or:
$ svgo test.svg test.min.svg
with STDIN / STDOUT:
$ cat test.svg | svgo -i - -o - > test.min.svg
with folder
$ svgo -f ../path/to/folder/with/svg/files
or:
$ svgo -f ../path/to/folder/with/svg/files -o ../path/to/folder/with/svg/output
with strings:
$ svgo -s '<svg version="1.1">test</svg>' -o test.min.svg
or even with Data URI base64:
$ svgo -s 'data:image/svg+xml;base64,…' -o test.min.svg
with SVGZ:
from .svgz
to .svg
:
$ gunzip -c test.svgz | svgo -i - -o test.min.svg
from .svg
to .svgz
:
$ svgo test.svg -o - | gzip -cfq9 > test.svgz
with GUI – svgo-gui
as a web app - SVGOMG
as a Nodejs module – examples
as a Grunt task – grunt-svgmin
as a Gulp task – gulp-svgmin
as a Mimosa module – mimosa-minify-svg
as an OSX Folder Action – svgo-osx-folder-action
as a webpack loader – image-webpack-loader
BTC 1zVZYqRSzQ4aaL27rp3PLwFFSXpfs5H8r
This software is released under the terms of the MIT license.
Logo by Yegor Bolshakov.
FAQs
Nodejs-based tool for optimizing SVG vector graphics files
The npm package svgo receives a total of 8,081,242 weekly downloads. As such, svgo popularity was classified as popular.
We found that svgo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.