Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
timezones-ical-library
Advanced tools
Easy direct access to the most recent official timezone information for iCalendar files via JavaScript
The tool to convert the IANA (formerly Olson) time zone database files into VTIMEZONE blocks, compatible with the iCalendar specification (RFC2445).
It is based on the awesome tool by Damon Chaplin (github.com/libical/vzic), but only provides the VTIMEZONE part to easily put this into any other iCal generator (like the add-to-calendar-button). It is built to be used standalone or as JavaScript module, hosted as npm package.
This step is only relevant if you want to build the package and data on your own and from source! (Requires Node.js as well as Linux as operating system.) Run ...
sudo sh update-tzdata.sh tzVersionNumber
... with tzVersionNumber being the version of the IANA time zone database you want to use (e.g. sudo sh update-tzdata.sh 2023c).
Install the package via npm with:
npm install timezones-ical-library
After the installation:
import { tzlib_get_ical_block, tzlib_get_offset, tzlib_get_timezones } from 'timezones-ical-library';
.Use tzlib_get_timezones()
to retrieve a list of all available time zone strings. You can pass true
to retrieve a JSON formatted string instead of an array.
Use the tzlib_get_ical_block(tzName)
function to return the proper iCal VTIMEZONE block for a given time zone string (tzName). Again, pass true
to retrieve a JSON formatted string instead of an array (not recommended).
You will receive an array, holding the VTIMEZONE block first, and the TZID line (additionally) second. The latter one is needed for any further time statement.
Include this into your further iCal data to come up with a complete ics file.
A final constellation could look like this:
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-// github.com/add2cal/add-to-calendar-button //EN
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:America/New_York
LAST-MODIFIED:20220824T133813Z
X-LIC-LOCATION:America/New_York
BEGIN:DAYLIGHT
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:2022-08-30T19:29:38.618Z@add-to-calendar-button
DTSTAMP:20230214T091500Z
DTSTART;TZID=America/New_York:20230214T091500
DTEND;TZID=America/New_York:20230218T223000
SUMMARY:A sample event
DESCRIPTION:Just some descriptive text...
LOCATION:World Wide Web
STATUS:CONFIRMED
LAST-MODIFIED:20220830T192938Z
SEQUENCE:0
END:VEVENT
END:VCALENDAR
Use tzlib_get_offset(tzName, isoDate, isoTime)
to get specific offset (relative to UTC), based on a provided date and time.
For example, you can provide tzName 'Europe/Berlin'
, isoDate '2023-05-23'
, and isoTime '15:45'
in order to retrieve the offset, which applies for this time zone at the 23rd of May in 2023 at exactly 15:45.
Instead of using this code or the npm package, you could also make use of the free and open API.
https://tz.add-to-calendar-technology.com/api/zones.json
https://tz.add-to-calendar-technology.com/api/%zoneName%.ics
With %zoneName% being your time zone. So, for New York, this would be https://tz.add-to-calendar-technology.com/api/America/New_York.ics. This is case sensitive!
(Mind that this does not deliver a fully valid ics file, since it only contains the VTIMEZONE part. You will need to combine this with your other event information.)
Anyone is welcome to contribute, but mind the guidelines:
Copyright (c) Jens Kuerschner.
Licensed under Apache-2.0.
FAQs
Easy direct access to the most recent official timezone information for iCalendar files via JavaScript
The npm package timezones-ical-library receives a total of 23,261 weekly downloads. As such, timezones-ical-library popularity was classified as popular.
We found that timezones-ical-library demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.