Gathering detailed insights and metrics for @openpgp/web-stream-tools
Gathering detailed insights and metrics for @openpgp/web-stream-tools
Convenience functions for reading, transforming and working with WhatWG Streams
Installations
npm install @openpgp/web-stream-toolsDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>= 18.0.0
Node Version
20.11.1
NPM Version
8.15.0
Releases
Unable to fetch releases
Languages
2
JavaScript
TypeScript
JavaScript (85.3%)
TypeScript (14.7%)
Developer
openpgpjs
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
30 Stars
92 Commits
14 Forks
7 Watchers
9 Branches
14 Contributors
Updated on Jun 30, 2025
Package Meta Information
Latest Version
0.1.3
Package Id
@openpgp/web-stream-tools@0.1.3
Unpacked Size
36.91 kB
Size
10.30 kB
File Count
10
NPM Version
8.15.0
Node Version
20.11.1
Published on
Jun 26, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Web Stream Tools
This library contains both basic convenience functions such as readToEnd, concat, slice, clone, and more complex functions for transforming and parsing streams. Examples of the latter can be found below.
Table of Contents
Usage
1npm install --save @openpgp/web-stream-tools
1import * as stream from '@openpgp/web-stream-tools';
Documentation
See the documentation for a full list of functions.
Stream support in Node.js
From v0.1, the library no longer supports native Node Readable streams in input, and instead expects Node's WebStreams. Node v17+ includes utilities to convert from and to Web Streams.
Examples
Transforming a stream
In this example we're encrypting a stream using an imaginary API which has process and finish methods.
1const encryptor = new Encryptor(); 2const encrypted = stream.transform(input, function process(chunk) { 3 return encryptor.process(chunk); 4}, function finish() { 5 return encryptor.finish(); 6});
Both the process and finish functions:
- are optional (by default no data is written to the transformed stream)
- may be asynchronous
- may throw (in which case the error is forwarded to the transformed stream)
input can be a stream containing anything, or it can be a plain value (Uint8Array or String) in which case transform() will simply return process(input) and finish() concatenated together.
Transforming a stream in chunks of 1024 bytes
In this example we're encrypting a stream using an imaginary API which has a process method that requires us to pass in chunks of size 1024 (unless it's the last chunk).
1const encrypted = stream.transformPair(input, async (readable, writable) => { 2 const reader = stream.getReader(readable); 3 const writer = stream.getWriter(writable); 4 try { 5 while (true) { 6 await writer.ready; 7 const chunk = await reader.readBytes(1024); 8 // The above will return 1024 bytes unless the stream closed before that, in which 9 // case it either returns fewer bytes or undefined if no data is available. 10 if (chunk === undefined) { 11 await writer.close(); 12 break; 13 } 14 await writer.write(encryptor.process(chunk)); 15 } 16 } catch(e) { 17 await writer.abort(e); 18 } 19});
The above example may seem more complicated than necessary, but it correctly handles:
- Backpressure (if
encryptedgets read slowly,inputgets read slowly as well) - Cancellation (if
encryptedgets canceled,inputgets cancelled as well) - Erroring (if
inputerrors,encryptedgets errored as well)
Unlike transform, transformPair will always return a stream, even if input is not.
Parsing data on a stream which is expected to be in a specific format
There are also helper functions for reading a specific number of bytes, or a single line, etc:
1stream.parse(input, reader => { 2 const byte = await reader.readByte(); // Single byte or undefined 3 const bytes = await reader.readBytes(n); // Uint8Array of up to n bytes, or undefined 4 const line = await reader.readLine(); // Returns String up to and including the first \n, or undefined. This function is specifically for a stream of Strings. 5 // There's also peekBytes() and unshift(), which you can use to look ahead in the stream. 6 7 const stream = reader.remainder(); // New stream containing the remainder of the original stream. Only available when using a Reader from stream.parse() 8});
Most of the functions above are also available when getting a reader using stream.getReader() instead of stream.parse().
All of the functions above also work when reading a stream containing Strings instead of a Uint8Arrays, and will return Strings in that case.
Cloning and slicing streams
There are also a few functions not for reading the stream, but for manipulating the stream for another function to read:
1stream.slice(input, begin, end); // Returns a stream pointing to part of the original stream, or a Uint8Array 2stream.clone(input); // Returns a copy of the stream so that two functions can read it. Note: this does *not* clone a Uint8Array, since this function is only meant for reading the same data twice. 3stream.passiveClone(input); // Also returns a copy of the stream, but doesn't return data immediately when you read from it, only returns data when you read from the original stream. This is meant for respecting backpressure.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/openpgpjs/web-stream-tools/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/openpgpjs/web-stream-tools/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/openpgpjs/web-stream-tools/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/openpgpjs/web-stream-tools/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/openpgpjs/web-stream-tools/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/openpgpjs/web-stream-tools/tests.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
Found 4/20 approved changesets -- score normalized to 2
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 14 are checked with a SAST tool
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Score
3.3
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More