Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
zstddec
Advanced tools
Readme
ZSTD (Zstandard) decoder for Web and Node.js, using WebAssembly.
npm install --save zstddec
import { ZSTDDecoder } from 'zstddec';
const decoder = new ZSTDDecoder();
await decoder.init();
const decompressedArray = decoder.decode( compressedArray, uncompressedSize );
Limitations: The decoder may fail with the error
wasm function signature contains illegal type
when theuncompressedSize
is not known in advance and given to thedecode()
method. This is presumably a bug in the WASM bindings, which I am not yet sure how to fix.
To build the project locally, run:
npm install
npm run dist
To test changes:
npm test
Compiled from https://github.com/facebook/zstd/tree/dev/contrib/single_file_libs, with the following steps:
./combine.sh -r ../../lib -o zstddeclib.c zstddeclib-in.c
emcc zstddeclib.c -Oz -s EXPORTED_FUNCTIONS="['_ZSTD_decompress', '_ZSTD_findDecompressedSize', '_ZSTD_isError', '_malloc', '_free']" -s ALLOW_MEMORY_GROWTH=1 -s MALLOC=emmalloc -o zstddec.wasm
base64 zstddec.wasm > zstddec.txt
The base64 string written to zstddec.txt
is embedded as the wasm
variable at the bottom
of the source file. The rest of the file is written by hand, in order to avoid an additional JS
wrapper generated by Emscripten.
JavaScript wrapper is provided under the MIT License, and the WASM ZSTD decoder is provided by Facebook under the BSD 3-Clause License.
FAQs
ZSTD (Zstandard) decoder for Web and Node.js, using WebAssembly
The npm package zstddec receives a total of 141,501 weekly downloads. As such, zstddec popularity was classified as popular.
We found that zstddec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.