Research
Security News
The Growing Risk of Malicious Browser Extensions
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
By Kush Pandya - Jun 13, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
whisper-node
Advanced tools
whisper-node
Node.js bindings for OpenAI's Whisper. Transcription done local.
Features
- Output transcripts to JSON (also .txt .srt .vtt)
- Optimized for CPU (Including Apple Silicon ARM)
- Timestamp precision to single word
Installation
- Add dependency to project
npm install whisper-node
- Download whisper model of choice
npx whisper-node download
Requirement for Windows: Install the make command from here.
Usage
import whisper from 'whisper-node';
const transcript = await whisper("example/sample.wav");
console.log(transcript); // output: [ {start,end,speech} ]
Output (JSON)
[
{
"start": "00:00:14.310", // time stamp begin
"end": "00:00:16.480", // time stamp end
"speech": "howdy" // transcription
}
]
Usage with Additional Options
import whisper from 'whisper-node';
const filePath = "example/sample.wav"; // required
const options = {
modelName: "base.en", // default
// modelPath: "/custom/path/to/model.bin", // use model in a custom directory (cannot use along with 'modelName')
whisperOptions: {
language: 'auto' // default (use 'auto' for auto detect)
gen_file_txt: false, // outputs .txt file
gen_file_subtitle: false, // outputs .srt file
gen_file_vtt: false, // outputs .vtt file
word_timestamps: true // timestamp for every word
// timestamp_size: 0 // cannot use along with word_timestamps:true
}
}
const transcript = await whisper(filePath, options);
Files must be .wav and 16Hz
Use FFmpeg to convert an example .mp3 with this command: ffmpeg -i input.mp3 -ar 16000 output.wav
Made with
Roadmap
- Support projects not using Typescript
- Allow custom directory for storing models
- Config files as alternative to model download cli
- Remove path, shelljs and prompt-sync package for browser, react-native expo, and webassembly compatibility
- fluent-ffmpeg to support more audio formats
- Pyanote diarization for speaker names
- Implement WhisperX as optional alternative model for diarization and higher precision timestamps (as alternative to C++ version)
- Add option for viewing detected langauge as described in Issue 16
- Include typescript typescript types in
d.tsfile - Add support for language option
- Add support for transcribing audio streams as already implemented in whisper.cpp
Modifying whisper-node
npm run dev - runs nodemon and tsc on '/src/test.ts'
npm run build - runs tsc, outputs to '/dist' and gives sh permission to 'dist/download.js'
Acknowledgements
FAQs
Node.js bindings for OpenAI's Whisper. Runs local on CPU.
The npm package whisper-node receives a total of 4,866 weekly downloads. As such, whisper-node popularity was classified as popular.
We found that whisper-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Nov 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
By Kirill Boychenko - Jun 12, 2025
Security News
pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
By Sarah Gooding - Jun 11, 2025