Installations
npm install hessian.jsDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>= 0.12.0
Node Version
18.15.0
NPM Version
9.5.0
Score
74.8
Supply Chain
97.8
Quality
81.2
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
25
Unable to fetch Contributors
Languages
1
JavaScript
JavaScript (100%)
Developer
node-modules
Download Statistics
Total Downloads
120,956
Last Day
47
Last Week
286
Last Month
1,445
Last Year
16,178
GitHub Statistics
185 Stars
234 Commits
29 Forks
20 Watching
18 Branches
25 Contributors
Bundle Size
66.90 kB
Minified
19.94 kB
Minified + Gzipped
Maintainers
5
Package Meta Information
Latest Version
2.11.0
Package Id
hessian.js@2.11.0
Unpacked Size
85.95 kB
Size
20.79 kB
File Count
15
NPM Version
9.5.0
Node Version
18.15.0
Publised On
16 Apr 2023
Total Downloads
Cumulative downloads
Total Downloads
120,956
Last day
-46%
47
Compared to previous day
Last week
-27.6%
286
Compared to previous week
Last month
14.8%
1,445
Compared to previous month
Last year
-0.8%
16,178
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Dev Dependencies
5
Versions
hessian.js
Hessian Serialization 1.0 and 2.0 (base on version 4.0.7) written by pure JavaScript. Support all kind of types in Java, with high performance.
Install
1$ npm install hessian.js
Support Types
8 primitive types:
- raw binary data
- boolean
- 64-bit millisecond date
- 64-bit double
- 32-bit int
- 64-bit long
- null
- UTF8-encoded string
3 recursive types:
listfor lists and arraysmapfor maps and dictionariesobjectfor objects
one special contruct:
- ref for shared and circular object references
Hessian 2.0 has 3 internal reference maps:
- An object/list reference map.
- An class definition reference map.
- A type (class name) reference map.
Encoder
Tips: you can use with js-to-java to help you write java class in js.
Simple javascript type
1var hessian = require('hessian.js'); 2var java = require('js-to-java'); 3var encoder = new hessian.Encoder(); 4 5encoder.write(1); // int 6encoder.write(1.1); // double 7encoder.write(1e100); // double 8encoder.write(Math.pow(2, 18)); // long 9encoder.write(true); // boolean 10encoder.write(null); // null 11encoder.write('test'); // string 12 13// java base types 14encoder.write(java.long(3001010320)); // 3001010320L 15encoder.write(java.double(100)); // double 16encoder.write(java.array.int([0, 1, 2])); // int[] = {0, 1, 2} 17 18var object = {}; 19object.prop1 = [1, 2, 3]; 20object.prop2 = 'string'; 21object.prop3 = {key: 'value'}; 22object.prop4 = object; // circular 23encoder.write(object); // object
Complex java type
1var hessian = require('hessian.js'); 2var encoder = new hessian.Encoder(); 3 4var long = { 5 $class: 'java.lang.Long', 6 $: 1 7} 8encoder.write(long); // long type 9 10var testObject = { 11 $class: 'com.hessian.TestObject', 12 $: { 13 a: 1, 14 b: 'test', 15 c: {$class: 'java.lang.Long', $: 123} 16 } 17}; 18encoder.write(testObject);
Java Generic Map
1// java code: 2// Map<Long, Integer> map = new HashMap<Long, Integer>(); 3// map.put(123L, 123456); 4// map.put(123456L, 123); 5 6var hessian = require('hessian.js'); 7var encoder = new hessian.Encoder(); 8 9// using es6 Map 10var map = new Map(); 11map.set({ '$class': 'java.lang.Long', '$': 123 }, 123456); 12map.set({ '$class': 'java.lang.Long', '$': 123456 }, 123); 13 14encoder.write(map); // or encoder.write({ '$class': 'java.util.HashMap', '$': map })
Consistent Java type
If a type of Class contains a plurality of data, you must ensure that the number of attributes, and each instance of the order is the same!
// Wrong
[
{$class: 'com.X', $: {a: 1, b: 2}},
{$class: 'com.X', $: {b: 22, a: 11}},
{$class: 'com.X', $: {a: 1, b: 2, c: 3}}]
// Right
[
{$class: 'com.X', $: {a: 1, b: 2, c: 0}},
{$class: 'com.X', $: {a: 11, b: 22, c: 0}},
{$class: 'com.X', $: {a: 1, b: 2, c: 3}},
]
Decoder
1var hessian = require('hessian.js'); 2var decoder = new hessian.Decoder(buf); 3 4decoder.read(); //return what it is 5decoder.readNull(); 6decoder.readBool(); 7decoder.readInt(); 8decoder.readLong(); 9decoder.readDouble(); 10decoder.readDate(); 11decoder.readObect(); 12decoder.readMap(); 13decoder.readArray(); 14decoder.readList(); 15decoder.readRef();
Simple Usage
hessian 1.0:
1var hessian = require('hessian.js'); 2 3var testObject = { 4 a: 1, 5 b: 'string', 6 c: true, 7 d: 1.1, 8 e: Math.pow(2, 40), 9 f: [1, 2, 3, '4', true, 5], 10 g: {a: 1, b: true, c: 'string'} 11}; 12 13var buf; 14try { 15 buf = hessian.encode(testObject); 16} catch (err) { 17 console.log('encode error: ', err.message); 18 process.exit(1); 19} 20 21try { 22 var res = hessian.decode(buf); 23 // res.should.eql(testObject); 24} catch (err) { 25 console.log('decode error: ', err.message); 26}
hessian 2.0:
1var hessian = require('hessian.js'); 2 3var testObject = { 4 a: 1, 5 b: 'string', 6 c: true, 7 d: 1.1, 8 e: Math.pow(2, 40), 9 f: [1, 2, 3, '4', true, 5], 10 g: {a: 1, b: true, c: 'string'} 11}; 12 13var buf; 14try { 15 buf = hessian.encode(testObject, '2.0'); 16} catch (err) { 17 console.log('encode error: ', err.message); 18 process.exit(1); 19} 20 21try { 22 var res = hessian.decode(buf, '2.0'); 23 // res.should.eql(testObject); 24} catch (err) { 25 console.log('decode error: ', err.message); 26}
TODO
- more unit test, include test with other language.
- benchmark test.
hessian 2.0 decodehessian 2.0 encode
What's different between hassian 1.0 and 2.0?
Rmeaningrefon 1.0, butx52 ('R')represents any non-final string chunk on 2.0
Hessian 2.0 Serialization Grammar
# starting production
top ::= value
# 8-bit binary data split into 64k chunks
binary ::= x41 b1 b0 <binary-data> binary # non-final chunk
::= 'B' b1 b0 <binary-data> # final chunk
::= [x20-x2f] <binary-data> # binary data of
# length 0-15
::= [x34-x37] <binary-data> # binary data of
# length 0-1023
# boolean true/false
boolean ::= 'T'
::= 'F'
# definition for an object (compact map)
class-def ::= 'C' string int string*
# time in UTC encoded as 64-bit long milliseconds since
# epoch
date ::= x4a b7 b6 b5 b4 b3 b2 b1 b0
::= x4b b3 b2 b1 b0 # minutes since epoch
# 64-bit IEEE double
double ::= 'D' b7 b6 b5 b4 b3 b2 b1 b0
::= x5b # 0.0
::= x5c # 1.0
::= x5d b0 # byte cast to double
# (-128.0 to 127.0)
::= x5e b1 b0 # short cast to double
::= x5f b3 b2 b1 b0 # 32-bit float cast to double
# 32-bit signed integer
int ::= 'I' b3 b2 b1 b0
::= [x80-xbf] # -x10 to x3f
::= [xc0-xcf] b0 # -x800 to x7ff
::= [xd0-xd7] b1 b0 # -x40000 to x3ffff
# list/vector
list ::= x55 type value* 'Z' # variable-length list
::= 'V' type int value* # fixed-length list
::= x57 value* 'Z' # variable-length untyped list
::= x58 int value* # fixed-length untyped list
::= [x70-77] type value* # fixed-length typed list
::= [x78-7f] value* # fixed-length untyped list
# 64-bit signed long integer
long ::= 'L' b7 b6 b5 b4 b3 b2 b1 b0
::= [xd8-xef] # -x08 to x0f
::= [xf0-xff] b0 # -x800 to x7ff
::= [x38-x3f] b1 b0 # -x40000 to x3ffff
::= x59 b3 b2 b1 b0 # 32-bit integer cast to long
# map/object
map ::= 'M' type (value value)* 'Z' # key, value map pairs
::= 'H' (value value)* 'Z' # untyped key, value
# null value
null ::= 'N'
# Object instance
object ::= 'O' int value*
::= [x60-x6f] value*
# value reference (e.g. circular trees and graphs)
ref ::= x51 int # reference to nth map/list/object
# UTF-8 encoded character string split into 64k chunks
string ::= x52 b1 b0 <utf8-data> string # non-final chunk
::= 'S' b1 b0 <utf8-data> # string of length
# 0-65535
::= [x00-x1f] <utf8-data> # string of length
# 0-31
::= [x30-x34] <utf8-data> # string of length
# 0-1023
# map/list types for OO languages
type ::= string # type name
::= int # type reference
# main production
value ::= null
::= binary
::= boolean
::= class-def value
::= date
::= double
::= int
::= list
::= long
::= map
::= object
::= ref
::= string
Hessian 2.0 Bytecode map
Hessian 2.0 is organized as a bytecode protocol. A Hessian reader is essentially a switch statement on the initial octet.
x00 - x1f # utf-8 string length 0-32
x20 - x2f # binary data length 0-16
x30 - x33 # utf-8 string length 0-1023
x34 - x37 # binary data length 0-1023
x38 - x3f # three-octet compact long (-x40000 to x3ffff)
x40 # reserved (expansion/escape)
x41 # 8-bit binary data non-final chunk ('A')
x42 # 8-bit binary data final chunk ('B')
x43 # object type definition ('C')
x44 # 64-bit IEEE encoded double ('D')
x45 # reserved
x46 # boolean false ('F')
x47 # reserved
x48 # untyped map ('H')
x49 # 32-bit signed integer ('I')
x4a # 64-bit UTC millisecond date
x4b # 32-bit UTC minute date
x4c # 64-bit signed long integer ('L')
x4d # map with type ('M')
x4e # null ('N')
x4f # object instance ('O')
x50 # reserved
x51 # reference to map/list/object - integer ('Q')
x52 # utf-8 string non-final chunk ('R')
x53 # utf-8 string final chunk ('S')
x54 # boolean true ('T')
x55 # variable-length list/vector ('U')
x56 # fixed-length list/vector ('V')
x57 # variable-length untyped list/vector ('W')
x58 # fixed-length untyped list/vector ('X')
x59 # long encoded as 32-bit int ('Y')
x5a # list/map terminator ('Z')
x5b # double 0.0
x5c # double 1.0
x5d # double represented as byte (-128.0 to 127.0)
x5e # double represented as short (-32768.0 to 327676.0)
x5f # double represented as float
x60 - x6f # object with direct type (` ... n, o)
x70 - x77 # fixed list with direct length (p, q, r, s, t, u, v, w)
x78 - x7f # fixed untyped list with direct length (x, y, z, {, |, }, ~, .....)
x80 - xbf # one-octet compact int (-x10 to x3f, x90 is 0)
xc0 - xcf # two-octet compact int (-x800 to x7ff)
xd0 - xd7 # three-octet compact int (-x40000 to x3ffff)
xd8 - xef # one-octet compact long (-x8 to xf, xe0 is 0)
xf0 - xff # two-octet compact long (-x800 to x7ff, xf8 is 0)
About Hessian 2.0 Optimized Decoder
Hessian 2.0 introduced ref to avoid sending duplicated class definition in the same context. Actully, the context can promote to connection level in some RPC framework. For example, EADS, Requests using the same connection will not change their class definition.
Licences
Contributors
 dead-horse |  fengmk2 |  gxcsoccer |  fool2fish |  coolme200 |  denghongcai |
|---|---|---|---|---|---|
 JacksonTian |  xusiyuan841028 |  snyk-bot |
This project follows the git-contributor spec, auto updated at Mon Nov 01 2021 18:13:11 GMT+0800.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 18 are checked with a SAST tool
Reason
Found 9/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/node-modules/hessian.js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/node-modules/hessian.js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/node-modules/hessian.js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/node-modules/hessian.js/codeql.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Score
4.6
/10
Last Scanned on 2025-01-20
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More