Gathering detailed insights and metrics for minizlib
Gathering detailed insights and metrics for minizlib
A smaller, faster, zlib stream built on http://npm.im/minipass and Node.js's zlib binding.
Installations
npm install minizlibReleases
Unable to fetch releases
Developer
isaacs
Developer Guide
BETA
Module System
ESM
Min. Node Version
>= 18
Typescript Support
Yes
Node Version
20.11.0
NPM Version
10.5.0
Statistics
73 Stars
82 Commits
9 Forks
3 Watching
6 Branches
2 Contributors
Updated on 25 Sept 2024
Bundle Size
17.34 kB
Minified
5.50 kB
Minified + Gzipped
Languages
JavaScript (71.63%)
TypeScript (28.37%)
Total Downloads
Cumulative downloads
Total Downloads
4,673,535,444
Last day
2.1%
5,233,367
Compared to previous day
Last week
7.4%
27,882,760
Compared to previous week
Last month
12.6%
112,546,340
Compared to previous month
Last year
14.6%
1,172,739,477
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
minizlib
A fast zlib stream built on minipass and Node.js's zlib binding.
This module was created to serve the needs of node-tar and minipass-fetch.
Brotli is supported in versions of node with a Brotli binding.
How does this differ from the streams in 'node:zlib'?
First, there are no convenience methods to compress or decompress a
buffer. If you want those, use the built-in zlib module. This is
only streams. That being said, Minipass streams to make it fairly easy to
use as one-liners: new zlib.Deflate().end(data).read() will return the
deflate compressed result.
This module compresses and decompresses the data as fast as you feed it in. It is synchronous, and runs on the main process thread. Zlib and Brotli operations can be high CPU, but they're very fast, and doing it this way means much less bookkeeping and artificial deferral.
Node's built in zlib streams are built on top of stream.Transform.
They do the maximally safe thing with respect to consistent
asynchrony, buffering, and backpressure.
See Minipass for more on the differences between Node.js core streams and Minipass streams, and the convenience methods provided by that class.
Classes
- Deflate
- Inflate
- Gzip
- Gunzip
- DeflateRaw
- InflateRaw
- Unzip
- BrotliCompress (Node v10 and higher)
- BrotliDecompress (Node v10 and higher)
USAGE
1import { BrotliDecompress } from 'minizlib' 2// or: const BrotliDecompress = require('minizlib') 3 4const input = sourceOfCompressedData() 5const decode = new BrotliDecompress() 6const output = whereToWriteTheDecodedData() 7input.pipe(decode).pipe(output)
REPRODUCIBLE BUILDS
To create reproducible gzip compressed files across different operating
systems, set portable: true in the options. This causes minizlib to set
the OS indicator in byte 9 of the extended gzip header to 0xFF for
'unknown'.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/typedoc.yml:14
- Info: no jobLevel write permissions found
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/typedoc.yml:39
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Score
3
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More