Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Rcsv is a fast CSV parsing library for MRI Ruby. Tested on REE, 1.8.7, 1.9.4, 2.0.0, 2.1.6, 2.2.2.
Contrary to many other gems that implement their own parsers, Rcsv uses libcsv 3.0.3 (http://sourceforge.net/projects/libcsv/). As long as libcsv's API is stable, getting Rcsv to use newer libcsv version is as simple as updating two files (csv.h and libcsv.c).
user system total real
FasterCSV 0.580000 0.000000 0.580000 ( 0.618837)
rcsv 0.060000 0.000000 0.060000 ( 0.062248)
Rcsv itself is distributed under BSD-derived license (see LICENSE) except for included csv.h and libcsv.c source files that are distributed under LGPL v2.1 (see COPYING.LESSER). Libcsv sources were not modified in any manner.
Add this line to your application's Gemfile:
gem 'rcsv'
And then execute:
$ bundle
Or install it yourself as:
$ gem install rcsv
First, check out the master branch. Then cd there and run:
$ bundle # Installs development dependencies
$ bundle exec rake # Runs tests
$ gem build rcsv.gemspec # Builds the gem
Currently, Rcsv only supports CSV parsing. CSV write support is under works.
Quickstart:
parsed = Rcsv.parse(csv_data)
Rcsv class exposes a class method parse that accepts a CSV string as its first parameter and options hash as its second parameter. If block is passed, Rcsv sequentially yields every parsed line to it and the #parse method itself returns nil.
Options supported:
A single-character string that is used as a separator. Default is ",".
A boolean flag. When enabled, allows to parse oddly quoted CSV data without exceptions being raised. Disabled by default.
Anything that does not conform to http://www.creativyst.com/Doc/Articles/CSV/CSV01.htm should better be parsed with this option enabled.
A Ruby symbol that specifies how empty CSV fields should be processed. Accepted values:
:nil_or_string (default) - If empty field is quoted, it is parsed as empty Ruby string. If empty field is not quoted, it is parsed as Nil.
:nil - Always parse as Nil.
:string - Always parse as empty string.
This option doesn't affect defaults processing: all empty fields are replaced with default values if the latter are provided (via per-column :default).
A positive integer that specifies how many rows should be skipped, counting from the beginning. Default is 0.
A hash that contains per-column parsing instructions. By default, every CSV cell is parsed as a raw string without conversions. Empty strings are parsed as nils.
If CSV has a header, :columns keys can be strings that are equal to column names in the header. If there is no header, keys should represent integer column positions.
:columns values are in turn hashes that provide parsing options:
A Ruby symbol that specifies how CSV header should be processed. Accepted values:
:use (default) - If :columns is set, instructs Rcsv to parse the first CSV line and use column names from there as :columns keys. Ignores the header when :columns is not set.
:skip - Skips the header, treats :columns keys as column positions.
:none - Tells Rcsv that CSV header is not present. :columns keys are treated as column positions.
A boolean flag. Disabled by default. When enabled, parse return value is represented as array of hashes. If :header is set to :use, keys for hashes are either string column names from CSV header or their aliases. Otherwise, column indexes are used. When :row_as_hash is disabled, return value is represented as array of arrays.
A boolean flag. If enabled, only parses columns that are listed in :columns. Disabled by default.
An integer. Default is 1MiB (1024 * 1024). Specifies a number of bytes that are read at once, thus allowing to read drectly from IO-like objects (files, sockets etc).
A string. By default is auto-detected from the original CSV file. If specified, enforces the encoding of parsed string values. The default value keeps the encoding the same as in the original CSV file.
This example parses a 3-column CSV file and only returns parsed rows where "Age" values are parsed to 35, 36 or 37.
Rcsv.parse some_csv, :row_as_hash => true,
:columns => {
'First Name' => { :alias => :first_name, :default => "Unknown" },
'Last Name' => { :alias => :last_name, :default => "Unknown"},
'Age' => { :alias => :age, :type => :int, :match => [35, 36, 37]]
}
The result would look like this:
[
{ :first_name => "Mary", :last_name => "Jane", :age => 35 },
{ :first_name => "Unknown", :last_name => "Alien", :age => 35}
]
Another example, for a miserable headerless Tab-separated CSV:
Rcsv.parse some_csv, :column_separator => "\t",
:header => :none,
:columns => {
1 => { :type => :float, :default => 0 }
}
The result would look like this:
[
[ "Very hot", 3.7, "Mercury" ],
[ "Very hot and cloudy", 8.87, "Venus" ],
[ "Just about ok", 9.78, "Earth"],
[ nil, 0, "Vacuum" ]
]
And here is an example of passing a block:
Rcsv.parse(some_csv) { |row|
puts row.inspect
}
That would display contents of each row without needing to put the whole parsed result array to memory:
["a", "b", "c", "d", "e", "f"]
["1", "2", "3", "4", "5", "6"]
This way it is possible to read from a File directly, with a 20MiB buffer and parse lines one by one:
some_csv_file = File.open('/some/file.csv')
Rcsv.parse(some_csv_file, :buffer_size => 20 * 1024 * 1024) { |row|
puts row.inspect
}
some_csv_file.close
git checkout -b my-new-feature
)git commit -am 'Added some feature'
)git push origin my-new-feature
)FAQs
Unknown package
We found that rcsv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.