Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
timzones-ical-library
Advanced tools
Easy direct access to the most recent official timezone information for iCalendar files
The tool to convert the IANA (formerly Olson) timezone database files into VTIMEZONE blocks, compatible with the iCalendar specification (RFC2445).
It is based on the awesome tool by Damon Chaplin (github.com/libical/vzic), but only provides the VTIMEZONE part to easily put this into any other iCal generator (like the add-to-calendar-button). It is built to be used standalone or as JavaScript module, hosted as npm package.
This step is only relevant if you want to build the package and data from source! (Requires Node.js as well as Linux as operating system.) Run ...
sudo sh update-tzdata.sh tzVersionNumber
... with tzVersionNumber being the version of the IANA timezone database you want to use (e.g. sudo sh update-tzdata.sh 2022c).
You can use the pure and simple version directly from the dist folder or the jsDelivr CDN and include in your application:
<script src="https://cdn.jsdelivr.net/npm/timzones-ical-library"></script>
Alternatively, you can install the package via npm with:
npm install timezones-ical-library
After the installation:
import { tzlib_get_ical_block, tzlib_get_offset, tzlib_get_timezones } from 'timezones-ical-library';
.Use tzlib_get_timezones()
to retrieve a list of all available timezone strings. You can pass true
to retrieve a JSON formatted string instead of an array.
Use the tzlib_get_ical_block(tzName)
function to return the proper iCal VTIMEZONE block for a given timezone string (tzName).
Include this into your further iCal data to come up with a complete ics file.
A final constellation could look like this:
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-// github.com/add2cal/add-to-calendar-button // atcb v1.14.6 //EN
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:/timezones-ical-library/20220824/America/New_York
LAST-MODIFIED:20220824T133813Z
X-LIC-LOCATION:America/New_York
BEGIN:DAYLIGHT
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:2022-08-30T19:29:38.618Z@add-to-calendar-button
DTSTAMP:20230214T091500Z
DTSTART;TZID=/timezones-ical-library/20220824/America/New_York:20230214T091500
DTEND;TZID=/timezones-ical-library/20220824/America/New_York:20230218T223000
SUMMARY:A sample event
DESCRIPTION:Just some descriptive text...
LOCATION:World Wide Web
STATUS:CONFIRMED
LAST-MODIFIED:20220830T192938Z
SEQUENCE:0
END:VEVENT
END:VCALENDAR
Use tzlib_get_offset(tzName, isoDate, isoTime)
to get specific offset (relative to UTC), based on a provided date and time.
For example, you can provide tzName 'Europe/Berlin'
, isoDate '2023-05-23'
, and isoTime '15:45'
in order to retrieve the offset, which applies for this timezone at the 23rd of May in 2023 at exactly 15:45.
Anyone is welcome to contribute, but mind the guidelines:
Licensed under Apache-2.0.
FAQs
Easy direct access to the most recent official timezone information for iCalendar files
The npm package timzones-ical-library receives a total of 0 weekly downloads. As such, timzones-ical-library popularity was classified as not popular.
We found that timzones-ical-library demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.