Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The 'through' npm package is a simple wrapper around Node.js streams.Transform to create readable/writable streams easily using simple functions for the 'write' and 'end' parts of a stream. It is often used to transform or manipulate data in a stream.
Stream Transformation
This code sample demonstrates how to create a simple stream transformation that converts all incoming data to uppercase. The 'write' function is called for every chunk of data, and 'end' is called when there is no more data.
var through = require('through');
var tr = through(function write(data) {
this.queue(data.toString().toUpperCase());
}, function end() { // optional
this.queue(null);
});
process.stdin.pipe(tr).pipe(process.stdout);
Stream Filtering
This code sample shows how to filter the stream to only pass through data chunks longer than 10 characters. It uses the 'write' function to decide whether to pass the data along or not.
var through = require('through');
var tr = through(function write(data) {
if (data.length > 10) {
this.queue(data);
}
});
process.stdin.pipe(tr).pipe(process.stdout);
through2 is a tiny wrapper around Node.js streams.Transform that makes it easier to implement a transform stream. It is similar to 'through' but with a more modern API and additional features like object mode and flush function support.
stream-combiner allows you to create a pipeline of streams that gets combined into a single stream. It is similar to 'through' in that it deals with stream transformation, but it focuses on combining multiple streams into one.
pumpify combines an array of streams into a single duplex stream using pump and duplexify. It is similar to 'through' in that it can be used to transform data in streams, but it also handles the stream lifecycle and cleanup.
#through
Easy way to create a Stream
that is both readable
and writable
.
write
and end
methods.through
takes care of pause/resume logic if you use this.queue(data)
instead of this.emit('data', data)
.this.pause()
and this.resume()
to manage flow.this.paused
to see current flow state. (write always returns !this.paused
).This function is the basis for most of the synchronous streams in event-stream.
var through = require('through')
through(function write(data) {
this.queue(data) //data *must* not be null
},
function end () { //optional
this.queue(null)
})
Or, can also be used without buffering on pause, use this.emit('data', data)
,
and this.emit('end')
var through = require('through')
through(function write(data) {
this.emit('data', data)
//this.pause()
},
function end () { //optional
this.emit('end')
})
MIT / Apache2
FAQs
simplified stream construction
The npm package through receives a total of 28,821,003 weekly downloads. As such, through popularity was classified as popular.
We found that through demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.