Gathering detailed insights and metrics for js-base64
Gathering detailed insights and metrics for js-base64
Installations
npm install js-base64Score
99.5
Supply Chain
99.5
Quality
77.8
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Developer
dankogai
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
20.11.0
NPM Version
10.4.0
Statistics
4,278 Stars
397 Commits
1,326 Forks
70 Watching
3 Branches
38 Contributors
Updated on 28 Nov 2024
Languages
JavaScript (66.82%)
TypeScript (28.04%)
HTML (4.22%)
Makefile (0.92%)
Total Downloads
Cumulative downloads
Total Downloads
1,934,937,496
Last day
-5.2%
1,036,281
Compared to previous day
Last week
2.5%
5,914,537
Compared to previous week
Last month
12.7%
24,524,915
Compared to previous month
Last year
-1.4%
252,952,145
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
3
Versions
base64.js
Yet another Base64 transcoder.
Install
1$ npm install --save js-base64
Usage
In Browser
Locally…
1<script src="base64.js"></script>
… or Directly from CDN. In which case you don't even need to install.
1<script src="https://cdn.jsdelivr.net/npm/js-base64@3.7.7/base64.min.js"></script>
This good old way loads Base64 in the global context (window). Though Base64.noConflict() is made available, you should consider using ES6 Module to avoid tainting window.
As an ES6 Module
locally…
1import { Base64 } from 'js-base64';
1// or if you prefer no Base64 namespace 2import { encode, decode } from 'js-base64';
or even remotely.
1<script type="module"> 2// note jsdelivr.net does not automatically minify .mjs 3import { Base64 } from 'https://cdn.jsdelivr.net/npm/js-base64@3.7.7/base64.mjs'; 4</script>
1<script type="module"> 2// or if you prefer no Base64 namespace 3import { encode, decode } from 'https://cdn.jsdelivr.net/npm/js-base64@3.7.7/base64.mjs'; 4</script>
node.js (commonjs)
1const {Base64} = require('js-base64');
Unlike the case above, the global context is no longer modified.
You can also use esm to import instead of require.
1require=require('esm')(module); 2import {Base64} from 'js-base64';
SYNOPSIS
1let latin = 'dankogai'; 2let utf8 = '小飼弾' 3let u8s = new Uint8Array([100,97,110,107,111,103,97,105]); 4Base64.encode(latin); // ZGFua29nYWk= 5Base64.encode(latin, true); // ZGFua29nYWk skips padding 6Base64.encodeURI(latin); // ZGFua29nYWk 7Base64.btoa(latin); // ZGFua29nYWk= 8Base64.btoa(utf8); // raises exception 9Base64.fromUint8Array(u8s); // ZGFua29nYWk= 10Base64.fromUint8Array(u8s, true); // ZGFua29nYW which is URI safe 11Base64.encode(utf8); // 5bCP6aO85by+ 12Base64.encode(utf8, true) // 5bCP6aO85by- 13Base64.encodeURI(utf8); // 5bCP6aO85by-
1Base64.decode( 'ZGFua29nYWk=');// dankogai 2Base64.decode( 'ZGFua29nYWk'); // dankogai 3Base64.atob( 'ZGFua29nYWk=');// dankogai 4Base64.atob( '5bCP6aO85by+');// 'å°é£¼å¼¾' which is nonsense 5Base64.toUint8Array('ZGFua29nYWk=');// u8s above 6Base64.decode( '5bCP6aO85by+');// 小飼弾 7// note .decodeURI() is unnecessary since it accepts both flavors 8Base64.decode( '5bCP6aO85by-');// 小飼弾
1Base64.isValid(0); // false: 0 is not string 2Base64.isValid(''); // true: a valid Base64-encoded empty byte 3Base64.isValid('ZA=='); // true: a valid Base64-encoded 'd' 4Base64.isValid('Z A='); // true: whitespaces are okay 5Base64.isValid('ZA'); // true: padding ='s can be omitted 6Base64.isValid('++'); // true: can be non URL-safe 7Base64.isValid('--'); // true: or URL-safe 8Base64.isValid('+-'); // false: can't mix both
Built-in Extensions
By default Base64 leaves built-in prototypes untouched. But you can extend them as below.
1// you have to explicitly extend String.prototype 2Base64.extendString(); 3// once extended, you can do the following 4'dankogai'.toBase64(); // ZGFua29nYWk= 5'小飼弾'.toBase64(); // 5bCP6aO85by+ 6'小飼弾'.toBase64(true); // 5bCP6aO85by- 7'小飼弾'.toBase64URI(); // 5bCP6aO85by- ab alias of .toBase64(true) 8'小飼弾'.toBase64URL(); // 5bCP6aO85by- an alias of .toBase64URI() 9'ZGFua29nYWk='.fromBase64(); // dankogai 10'5bCP6aO85by+'.fromBase64(); // 小飼弾 11'5bCP6aO85by-'.fromBase64(); // 小飼弾 12'5bCP6aO85by-'.toUint8Array();// u8s above
1// you have to explicitly extend Uint8Array.prototype 2Base64.extendUint8Array(); 3// once extended, you can do the following 4u8s.toBase64(); // 'ZGFua29nYWk=' 5u8s.toBase64URI(); // 'ZGFua29nYWk' 6u8s.toBase64URL(); // 'ZGFua29nYWk' an alias of .toBase64URI()
1// extend all at once 2Base64.extendBuiltins()
.decode() vs .atob (and .encode() vs btoa())
Suppose you have:
var pngBase64 =
"iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=";
Which is a Base64-encoded 1x1 transparent PNG, DO NOT USE Base64.decode(pngBase64). Use Base64.atob(pngBase64) instead. Base64.decode() decodes to UTF-8 string while Base64.atob() decodes to bytes, which is compatible to browser built-in atob() (Which is absent in node.js). The same rule applies to the opposite direction.
Or even better, Base64.toUint8Array(pngBase64).
Brief History
- Since version 3.3 it is written in TypeScript. Now
base64.mjsis compiled frombase64.tsthenbase64.jsis generated frombase64.mjs. - Since version 3.7
base64.jsis ES5-compatible again (hence IE11-compatible). - Since 3.0
js-base64switch to ES2015 module so it is no longer compatible with legacy browsers like IE (see above)
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: BSD 3-Clause "New" or "Revised" License: LICENSE.md:0
Reason
Found 4/26 approved changesets -- score normalized to 1
Reason
0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/dankogai/js-base64/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/dankogai/js-base64/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dankogai/js-base64/node.js.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:34
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 8 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More