Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
tar-stream
Advanced tools
tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.
The tar-stream npm package is a streaming tar parser and generator, which allows users to read and write tar archives in a streaming fashion. This means that you can process tar files without having to load the entire file into memory, which is useful for handling large files or for streaming applications.
Extracting a tar archive
This feature allows you to extract files from a tar archive. The 'entry' event is emitted for each file in the archive, providing the file header and a stream for the file content.
const extract = require('tar-stream').extract;
const fs = require('fs');
let extractor = extract();
extractor.on('entry', (header, stream, next) => {
// header is the tar header
// stream is the content body (might be an empty stream)
// call next when you are done with this entry
stream.on('end', () => next());
stream.resume(); // just auto drain the stream
});
fs.createReadStream('archive.tar').pipe(extractor);
Creating a tar archive
This feature allows you to create a tar archive. You can add entries to the archive with the 'entry' method, and then finalize the archive when you are done.
const pack = require('tar-stream').pack;
const fs = require('fs');
let packer = pack();
// add a file called my-test.txt with the content 'Hello World!'
packer.entry({ name: 'my-test.txt' }, 'Hello World!', (err) => {
if (err) throw err;
packer.finalize(); // finalize the archive when you are done
});
// pipe the pack stream somewhere, like to a file
packer.pipe(fs.createWriteStream('my-tarball.tar'));
Archiver is a high-level streaming archive library that supports creating TAR and ZIP archives. It provides more abstraction than tar-stream and includes additional features like appending files from streams, buffers, or directories, and setting global archive options.
tar-fs is a Node.js module that provides filesystem bindings for tar-stream. It allows you to pack directories into tarballs and extract tarballs into directories using a file system interface, making it a bit more convenient for certain use cases compared to the lower-level tar-stream.
The 'tar' package is a full-featured Tar for Node.js, which includes utilities for creating, manipulating, and extracting tar archives. It's a higher-level package compared to tar-stream and includes features like gzip compression and decompression.
tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.
npm install tar-stream
tar-stream exposes two streams, pack which creates tarballs and extract which extracts tarballs. To modify an existing tarball use both.
To create a pack stream use tar.pack()
and call pack.entry(header, [callback])
to add tar entries.
var tar = require('tar-stream');
var pack = tar.pack(); // p is a streams2 stream
// add a file called my-test.txt with the content "Hello World!"
pack.entry({ name: 'my-test.txt' }, 'Hello World!');
// add a file called my-stream-test.txt from a stream
var entry = pack.entry({ name: 'my-stream-test.txt' }, function(err) {
// the stream was added
// no more entries
pack.finalize();
});
myStream.pipe(entry);
// pipe the pack stream somewhere
pack.pipe(process.stdout);
To extract a stream use tar.extract()
and listen for extract.on('entry', header, stream, callback)
var extract = tar.extract();
extract.on('entry', function(header, stream, callback) {
// header is the tar header
// stream is the content body (might be an empty stream)
// call next when you are done with this entry
stream.resume(); // just auto drain the stream
stream.on('end', function() {
next(); // ready for next entry
});
});
extract.on('finish', function() {
// all entries read
});
pack.pipe(extract);
The header object using in entry
should contain the following properties.
Most of these values can be found by stating a file.
{
name: 'path/to/this/entry.txt',
size: 1314, // entry size. defaults to 0
mode: 0644, // entry mode. defaults to to 0755 for dirs and 0644 otherwise
mtime: new Date(), // last modified date for entry. defaults to now.
type: 'file', // type of entry. defaults to file. can be:
// file | link | symlink | directory | block-device
// character-device | fifo | contigious-file
linkname: 'path', // linked file name
uid: 0, // uid of entry owner. defaults to 0
gid: 0, // gid of entry owner. defaults to 0
uname: 'maf', // uname of entry owner. defaults to null
gname: 'staff', // gname of entry owner. defaults to null
devmajor: 0, // device major version. defaults to 0
devminor: 0 // device minor version. defaults to 0
}
Using tar-stream it is easy to rewrite paths / change modes etc in an existing tarball.
var extract = tar.extract();
var pack = tar.pack();
var path = require('path');
extract.on('entry', function(header, stream, callback) {
// let's prefix all names with 'tmp'
header.name = path.join('tmp', header.name);
// write the new entry to the pack stream
stream.pipe(pack.entry(header, callback));
});
extract.on('finish', function() {
// all entries done - lets finalize it
pack.finalize();
});
// pipe the old tarball to the extractor
oldTarball.pipe(extract);
// pipe the new tarball the another stream
pack.pipe(newTarball);
See tar-fs for a performance comparison with node-tar
MIT
FAQs
tar-stream is a streaming tar parser and generator and nothing else. It operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.
The npm package tar-stream receives a total of 11,706,292 weekly downloads. As such, tar-stream popularity was classified as popular.
We found that tar-stream demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.