Gathering detailed insights and metrics for minizlib
Gathering detailed insights and metrics for minizlib
A smaller, faster, zlib stream built on http://npm.im/minipass and Node.js's zlib binding.
Installations
npm install minizlibDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>= 18
Node Version
22.14.0
NPM Version
11.2.0
Score
99.8
Supply Chain
88
Quality
76.9
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Languages
2
JavaScript
TypeScript
JavaScript (65.71%)
TypeScript (34.29%)
Developer
isaacs
Download Statistics
Total Downloads
5,436,276,227
Last Day
1,924,156
Last Week
34,018,951
Last Month
145,343,296
Last Year
1,373,973,041
GitHub Statistics
NOASSERTION License
80 Stars
90 Commits
11 Forks
2 Watchers
3 Branches
4 Contributors
Updated on Jun 19, 2025
Bundle Size
17.15 kB
Minified
5.55 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.0.2
Package Id
minizlib@3.0.2
Unpacked Size
108.39 kB
Size
17.56 kB
File Count
21
NPM Version
11.2.0
Node Version
22.14.0
Published on
Mar 31, 2025
Total Downloads
Cumulative downloads
Total Downloads
5,436,276,227
Last Day
-8.2%
1,924,156
Compared to previous day
Last Week
-7%
34,018,951
Compared to previous week
Last Month
7.1%
145,343,296
Compared to previous month
Last Year
27.9%
1,373,973,041
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
4
minizlib
A fast zlib stream built on minipass and Node.js's zlib binding.
This module was created to serve the needs of node-tar and minipass-fetch.
Brotli is supported in versions of node with a Brotli binding.
How does this differ from the streams in 'node:zlib'?
First, there are no convenience methods to compress or decompress a
buffer. If you want those, use the built-in zlib module. This is
only streams. That being said, Minipass streams to make it fairly easy to
use as one-liners: new zlib.Deflate().end(data).read() will return the
deflate compressed result.
This module compresses and decompresses the data as fast as you feed it in. It is synchronous, and runs on the main process thread. Zlib and Brotli operations can be high CPU, but they're very fast, and doing it this way means much less bookkeeping and artificial deferral.
Node's built in zlib streams are built on top of stream.Transform.
They do the maximally safe thing with respect to consistent
asynchrony, buffering, and backpressure.
See Minipass for more on the differences between Node.js core streams and Minipass streams, and the convenience methods provided by that class.
Classes
- Deflate
- Inflate
- Gzip
- Gunzip
- DeflateRaw
- InflateRaw
- Unzip
- BrotliCompress (Node v10 and higher)
- BrotliDecompress (Node v10 and higher)
USAGE
1import { BrotliDecompress } from 'minizlib' 2// or: const BrotliDecompress = require('minizlib') 3 4const input = sourceOfCompressedData() 5const decode = new BrotliDecompress() 6const output = whereToWriteTheDecodedData() 7input.pipe(decode).pipe(output)
REPRODUCIBLE BUILDS
To create reproducible gzip compressed files across different operating
systems, set portable: true in the options. This causes minizlib to set
the OS indicator in byte 9 of the extended gzip header to 0xFF for
'unknown'.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
Found 2/30 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/typedoc.yml:14
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/isaacs/minizlib/typedoc.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/typedoc.yml:39
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
3.3
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More