Gathering detailed insights and metrics for pako
Gathering detailed insights and metrics for pako
high speed zlib port to javascript, works in browser & node.js
Installations
npm install pakoDeveloper Guide
BETA
Typescript
No
Module System
ESM
Node Version
16.13.2
NPM Version
8.1.2
Score
99.7
Supply Chain
99.6
Quality
76
Maintenance
100
Vulnerability
99.6
License
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
6,325,265,187
Last Day
5,089,055
Last Week
32,255,042
Last Month
131,582,221
Last Year
1,394,691,091
GitHub Statistics
MIT License
5,830 Stars
375 Commits
798 Forks
84 Watchers
4 Branches
23 Contributors
Updated on May 23, 2025
Bundle Size
46.00 kB
Minified
14.18 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.1.0
Package Id
pako@2.1.0
Unpacked Size
1.56 MB
Size
402.81 kB
File Count
33
NPM Version
8.1.2
Node Version
16.13.2
Published on
Nov 07, 2022
Total Downloads
Cumulative downloads
Total Downloads
6,325,265,187
Last Day
1.6%
5,089,055
Compared to previous day
Last Week
2.5%
32,255,042
Compared to previous week
Last Month
2.9%
131,582,221
Compared to previous month
Last Year
12.9%
1,394,691,091
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
pako
zlib port to javascript, very fast!
Why pako is cool:
- Results are binary equal to well known zlib (now contains ported zlib v1.2.8).
- Almost as fast in modern JS engines as C implementation (see benchmarks).
- Works in browsers, you can browserify any separate component.
This project was done to understand how fast JS can be and is it necessary to develop native C modules for CPU-intensive tasks. Enjoy the result!
Benchmarks:
node v12.16.3 (zlib 1.2.9), 1mb input sample:
deflate-imaya x 4.75 ops/sec ±4.93% (15 runs sampled)
deflate-pako x 10.38 ops/sec ±0.37% (29 runs sampled)
deflate-zlib x 17.74 ops/sec ±0.77% (46 runs sampled)
gzip-pako x 8.86 ops/sec ±1.41% (29 runs sampled)
inflate-imaya x 107 ops/sec ±0.69% (77 runs sampled)
inflate-pako x 131 ops/sec ±1.74% (82 runs sampled)
inflate-zlib x 258 ops/sec ±0.66% (88 runs sampled)
ungzip-pako x 115 ops/sec ±1.92% (80 runs sampled)
node v14.15.0 (google's zlib), 1mb output sample:
deflate-imaya x 4.93 ops/sec ±3.09% (16 runs sampled)
deflate-pako x 10.22 ops/sec ±0.33% (29 runs sampled)
deflate-zlib x 18.48 ops/sec ±0.24% (48 runs sampled)
gzip-pako x 10.16 ops/sec ±0.25% (28 runs sampled)
inflate-imaya x 110 ops/sec ±0.41% (77 runs sampled)
inflate-pako x 134 ops/sec ±0.66% (83 runs sampled)
inflate-zlib x 402 ops/sec ±0.74% (87 runs sampled)
ungzip-pako x 113 ops/sec ±0.62% (80 runs sampled)
zlib's test is partially affected by marshalling (that make sense for inflate only). You can change deflate level to 0 in benchmark source, to investigate details. For deflate level 6 results can be considered as correct.
Install:
npm install pako
Examples / API
Full docs - http://nodeca.github.io/pako/
1const pako = require('pako'); 2 3// Deflate 4// 5const input = new Uint8Array(); 6//... fill input data here 7const output = pako.deflate(input); 8 9// Inflate (simple wrapper can throw exception on broken stream) 10// 11const compressed = new Uint8Array(); 12//... fill data to uncompress here 13try { 14 const result = pako.inflate(compressed); 15 // ... continue processing 16} catch (err) { 17 console.log(err); 18} 19 20// 21// Alternate interface for chunking & without exceptions 22// 23 24const deflator = new pako.Deflate(); 25 26deflator.push(chunk1, false); 27deflator.push(chunk2); // second param is false by default. 28... 29deflator.push(chunk_last, true); // `true` says this chunk is last 30 31if (deflator.err) { 32 console.log(deflator.msg); 33} 34 35const output = deflator.result; 36 37 38const inflator = new pako.Inflate(); 39 40inflator.push(chunk1); 41inflator.push(chunk2); 42... 43inflator.push(chunk_last); // no second param because end is auto-detected 44 45if (inflator.err) { 46 console.log(inflator.msg); 47} 48 49const output = inflator.result;
Sometime you can wish to work with strings. For example, to send stringified objects to server. Pako's deflate detects input data type, and automatically recode strings to utf-8 prior to compress. Inflate has special option, to say compressed data has utf-8 encoding and should be recoded to javascript's utf-16.
1const pako = require('pako'); 2 3const test = { my: 'super', puper: [456, 567], awesome: 'pako' }; 4 5const compressed = pako.deflate(JSON.stringify(test)); 6 7const restored = JSON.parse(pako.inflate(compressed, { to: 'string' }));
Notes
Pako does not contain some specific zlib functions:
- deflate - methods
deflateCopy,deflateBound,deflateParams,deflatePending,deflatePrime,deflateTune. - inflate - methods
inflateCopy,inflateMark,inflatePrime,inflateGetDictionary,inflateSync,inflateSyncPoint,inflateUndermine. - High level inflate/deflate wrappers (classes) may not support some flush modes.
pako for enterprise
Available as part of the Tidelift Subscription
The maintainers of pako and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
Authors
Personal thanks to:
- Vyacheslav Egorov (@mraleph) for his awesome tutorials about optimising JS code for v8, IRHydra tool and his advices.
- David Duponchel (@dduponchel) for help with testing.
Original implementation (in C):
- zlib by Jean-loup Gailly and Mark Adler.
License
- MIT - all files, except
/lib/zlibfolder - ZLIB -
/lib/zlibcontent
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel permissions set to 'read-all': .github/workflows/ci.yml:9
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/nodeca/.github/SECURITY.md:1
- Info: Found linked content: github.com/nodeca/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/nodeca/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/nodeca/.github/SECURITY.md:1
Reason
0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Reason
Found 3/30 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/nodeca/pako/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/nodeca/pako/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:31
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 3 are checked with a SAST tool
Score
5.8
/10
Last Scanned on 2025-05-19
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More