Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
zip
= rubyzip
rubyzip is a ruby library for reading and writing zip files.
= Install
If you have rubygems you can install rubyzip directly from the gem repository
gem install rubyzip
Otherwise obtain the source (see below) and run
ruby install.rb
To run the unit tests you need to have test::unit installed
rake test
= Documentation
There is more than one way to access or create a zip archive with rubyzip. The basic API is modeled after the classes in java.util.zip from the Java SDK. This means there are classes such as Zip::ZipInputStream, Zip::ZipOutputStream and Zip::ZipFile. Zip::ZipInputStream provides a basic interface for iterating through the entries in a zip archive and reading from the entries in the same way as from a regular File or IO object. ZipOutputStream is the corresponding basic output facility. Zip::ZipFile provides a mean for accessing the archives central directory and provides means for accessing any entry without having to iterate through the archive. Unlike Java's java.util.zip.ZipFile rubyzip's Zip::ZipFile is mutable, which means it can be used to change zip files as well.
Another way to access a zip archive with rubyzip is to use rubyzip's Zip::ZipFileSystem API. Using this API files can be read from and written to the archive in much the same manner as ruby's builtin classes allows files to be read from and written to the file system.
rubyzip also features the zip/ziprequire.rb[link:files/lib/zip/ziprequire_rb.html] module which allows ruby to load ruby modules from zip archives.
For details about the specific behaviour of classes and methods refer to the test suite. Finally you can generate the rdoc documentation or visit http://rubyzip.sourceforge.net.
= License
rubyzip is distributed under the same license as ruby. See http://www.ruby-lang.org/en/LICENSE.txt
= Website and Project Home
http://rubyzip.sourceforge.net
http://sourceforge.net/projects/rubyzip
== Download (tarballs and gems)
http://sourceforge.net/project/showfiles.php?group_id=43107&package_id=35377
= Authors
Thomas Sondergaard (thomas at sondergaard.cc)
Technorama Ltd. (oss-ruby-zip at technorama.net)
extra-field support contributed by Tatsuki Sugiura (sugi at nemui.org)
FAQs
Unknown package
We found that zip demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 26 May 2010
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025