Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
urlsafe-base64
Advanced tools
What is urlsafe-base64?
The urlsafe-base64 npm package provides utilities for encoding and decoding Base64 strings in a URL-safe manner. This means that the encoded strings are safe to use in URLs without needing additional encoding or escaping.
What are urlsafe-base64's main functionalities?
Encoding
This feature allows you to encode a Buffer into a URL-safe Base64 string. The encoded string can be safely used in URLs.
const urlsafeBase64 = require('urlsafe-base64');
const buffer = Buffer.from('Hello, World!');
const encoded = urlsafeBase64.encode(buffer);
console.log(encoded); // Outputs: 'SGVsbG8sIFdvcmxkIQ'Decoding
This feature allows you to decode a URL-safe Base64 string back into a Buffer. The decoded Buffer can then be converted back to its original string form.
const urlsafeBase64 = require('urlsafe-base64');
const encoded = 'SGVsbG8sIFdvcmxkIQ';
const buffer = urlsafeBase64.decode(encoded);
console.log(buffer.toString()); // Outputs: 'Hello, World!'Validation
This feature allows you to validate whether a given string is a valid URL-safe Base64 encoded string.
const urlsafeBase64 = require('urlsafe-base64');
const encoded = 'SGVsbG8sIFdvcmxkIQ';
const isValid = urlsafeBase64.validate(encoded);
console.log(isValid); // Outputs: trueOther packages similar to urlsafe-base64
base64url
The base64url package provides similar functionality for encoding and decoding Base64 strings in a URL-safe manner. It also includes methods for encoding and decoding strings and buffers, and it is widely used in the Node.js community.
js-base64
The js-base64 package is a robust library for encoding and decoding Base64 strings. It supports both standard and URL-safe Base64 encoding, making it a versatile choice for various use cases.
base64-js
The base64-js package is a pure JavaScript implementation for encoding and decoding Base64 strings. It is lightweight and efficient, and it supports URL-safe encoding as well.
URL Safe Base64
URL Safe Base64 util module for Node.js applications
Installation
With npm do:
npm install urlsafe-base64
Usage
Require it within your module:
var URLSafeBase64 = require('urlsafe-base64');
.encode(buffer)
Encodes a buffer as a URL Safe Base64 string. This function encodes to the RFC 4648 Spec where '+' is encoded as '-' and '/' is encoded as '_'. The padding character '=' is removed.
var randomURLSafeBase64;
crypto.randomBytes(32, function(err, buf) {
if (err) {
throw err;
return;
};
randomURLSafeBase64 = URLSafeBase64.encode(buf);
});
.decode(string)
Decodes a URL Safe Base64 string as a buffer.
var someURLSafeBase64 = '';
URLSafeBase64.decode(someURLSafeBase64); // returns a buffer
.validate(string)
Validates a string if it is URL Safe Base64 encoded.
var validURLSafeBase64 = '';
URLSafeBase64.validate(validURLSafeBase64); // returns true
var invalidURLSafeBase64 = '/+=='
URLSafeBase64.validate(invalidURLSafeBase64); // returns false
License
(The MIT License)
Copyright (c) 2014 RGBboy <l-_-l@rgbboy.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
URL Safe Base64 encoding
The npm package urlsafe-base64 receives a total of 165,619 weekly downloads. As such, urlsafe-base64 popularity was classified as popular.
We found that urlsafe-base64 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Dec 2014
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025