Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
typedarray-to-buffer
Advanced tools
The typedarray-to-buffer npm package is a simple utility that converts a TypedArray or ArrayBuffer to a Node.js Buffer without copying the underlying memory. It's particularly useful when you need to work with Node.js buffers but are starting with a TypedArray (like Uint8Array) or an ArrayBuffer that you've obtained from a different context, such as the Web API or another library that doesn't use Node.js buffers.
Convert TypedArray to Buffer
This feature allows you to convert a TypedArray, such as Uint8Array, to a Node.js Buffer instance. The conversion is done without copying the data, making it a fast operation.
var toBuffer = require('typedarray-to-buffer');
var uint8array = new Uint8Array([1, 2, 3]);
var buffer = toBuffer(uint8array);
This package provides a way to create a new Buffer instance from a variety of inputs including TypedArrays, Buffers, strings, and arrays. It's similar to typedarray-to-buffer but offers more input options and creates a new Buffer with copied data.
The to-arraybuffer package is designed to convert a Buffer or a string to an ArrayBuffer. It's similar in that it deals with conversions between Buffer and ArrayBuffer, but it goes in the opposite direction compared to typedarray-to-buffer.
Say you're using the 'buffer' module on npm, or browserify and you're working with lots of binary data.
Unfortunately, sometimes the browser or someone else's API gives you a typed array like
Uint8Array
to work with and you need to convert it to a Buffer
. What do you do?
Of course: Buffer.from(uint8array)
But, alas, every time you do Buffer.from(uint8array)
the entire array gets copied.
The Buffer
constructor does a copy; this is
defined by the node docs and the 'buffer' module
matches the node API exactly.
So, how can we avoid this expensive copy in performance critical applications?
Simply use this module, of course!
If you have an ArrayBuffer
, you don't need this module, because
Buffer.from(arrayBuffer)
is already efficient.
npm install typedarray-to-buffer
To convert a typed array to a Buffer
without a copy, do this:
var toBuffer = require('typedarray-to-buffer')
var arr = new Uint8Array([1, 2, 3])
arr = toBuffer(arr)
// arr is a buffer now!
arr.toString() // '\u0001\u0002\u0003'
arr.readUInt16BE(0) // 258
If the browser supports typed arrays, then toBuffer
will augment the typed array you
pass in with the Buffer
methods and return it. See how does Buffer
work? for more about how augmentation
works.
This module uses the typed array's underlying ArrayBuffer
to back the new Buffer
. This
respects the "view" on the ArrayBuffer
, i.e. byteOffset
and byteLength
. In other
words, if you do toBuffer(new Uint32Array([1, 2, 3]))
, then the new Buffer
will
contain [1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0]
, not [1, 2, 3]
. And it still doesn't
require a copy.
If the browser doesn't support typed arrays, then toBuffer
will create a new Buffer
object, copy the data into it, and return it. There's no simple performance optimization
we can do for old browsers. Oh well.
If this module is used in node, then it will just call Buffer.from
. This is just for
the convenience of modules that work in both node and the browser.
MIT. Copyright (C) Feross Aboukhadijeh.
FAQs
Convert a typed array to a Buffer without a copy
We found that typedarray-to-buffer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.