Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
through
Advanced tools
Package description
The 'through' npm package is a simple wrapper around Node.js streams.Transform to create readable/writable streams easily using simple functions for the 'write' and 'end' parts of a stream. It is often used to transform or manipulate data in a stream.
Stream Transformation
This code sample demonstrates how to create a simple stream transformation that converts all incoming data to uppercase. The 'write' function is called for every chunk of data, and 'end' is called when there is no more data.
var through = require('through');
var tr = through(function write(data) {
this.queue(data.toString().toUpperCase());
}, function end() { // optional
this.queue(null);
});
process.stdin.pipe(tr).pipe(process.stdout);
Stream Filtering
This code sample shows how to filter the stream to only pass through data chunks longer than 10 characters. It uses the 'write' function to decide whether to pass the data along or not.
var through = require('through');
var tr = through(function write(data) {
if (data.length > 10) {
this.queue(data);
}
});
process.stdin.pipe(tr).pipe(process.stdout);
through2 is a tiny wrapper around Node.js streams.Transform that makes it easier to implement a transform stream. It is similar to 'through' but with a more modern API and additional features like object mode and flush function support.
stream-combiner allows you to create a pipeline of streams that gets combined into a single stream. It is similar to 'through' in that it deals with stream transformation, but it focuses on combining multiple streams into one.
pumpify combines an array of streams into a single duplex stream using pump and duplexify. It is similar to 'through' in that it can be used to transform data in streams, but it also handles the stream lifecycle and cleanup.
Readme
#through
Easy way to create a Stream
that is both readable
and writable
.
write
and end
methods.through
takes care of pause/resume logic if you use this.queue(data)
instead of this.emit('data', data)
.this.pause()
and this.resume()
to manage flow.this.paused
to see current flow state. (write always returns !this.paused
).This function is the basis for most of the syncronous streams in event-stream.
var through = require('through')
through(function write(data) {
this.queue(data) //data *must* not be null
},
function end () { //optional
this.queue(null)
})
Or, can also be used without buffering on pause, use this.emit('data', data)
,
and this.emit('end')
var through = require('through')
through(function write(data) {
this.emit('data', data)
//this.pause()
},
function end () { //optional
this.emit('end')
})
MIT / Apache2
FAQs
simplified stream construction
We found that through demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.