Gathering detailed insights and metrics for token-types
Gathering detailed insights and metrics for token-types
A primitive token library used to read from, and to write a node Buffer
Installations
npm install token-typesDeveloper
Borewit
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=14.16
Typescript Support
Yes
Node Version
22.3.0
NPM Version
10.8.1
Statistics
11 Stars
663 Commits
8 Forks
3 Watching
15 Branches
4 Contributors
Updated on 09 Aug 2024
Languages
TypeScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
500,616,188
Last day
-1.7%
983,487
Compared to previous day
Last week
4.9%
5,225,294
Compared to previous week
Last month
9.3%
21,612,671
Compared to previous month
Last year
44.8%
216,752,702
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
21
@types/chai@types/mocha@types/node@typescript-eslint/eslint-plugin@typescript-eslint/parserc8chaidel-clieslinteslint-config-prettiereslint-import-resolver-typescripteslint-plugin-importeslint-plugin-jsdoceslint-plugin-nodeeslint-plugin-unicornmocharemark-cliremark-preset-lint-recommendedsource-map-supportts-nodetypescript
Versions
token-types
A primitive token library used to read and write from a Uint8Array.
Although it is possible to use this module directly, it is primarily designed to be used with strtok3 tokenizer.
Compatibility
Module: version 5 migrated from CommonJS to pure ECMAScript Module (ESM). JavaScript is compliant with ECMAScript 2019 (ES10).
Installation
1npm install --save token-types
Usually in combination with strtok3:
1npm install --save strtok3
Using TypeScript you should also install @tokenizer/token as a development dependency:
1npm install --save-dev @tokenizer/token
Example
1import * as strtok3 from 'strtok3'; 2import * as token from 'token-types'; 3 4(async () => { 5 6 const tokenizer = await strtok3.fromFile("somefile.bin"); 7 try { 8 const myNumber = await tokenizer.readToken(token.Float32_BE); 9 console.log(`My number: ${myNumber}`); 10 } finally { 11 tokenizer.close(); // Close the file 12 } 13})();
Tokens
Numeric tokens
token-types supports a wide variety of numeric tokens out of the box:
| Token | Number | Bits | Endianness |
|---|---|---|---|
UINT8 | Unsigned integer | 8 | n/a |
UINT16_BE | Unsigned integer | 16 | big endian |
UINT16_LE | Unsigned integer | 16 | little endian |
UINT24_BE | Unsigned integer | 24 | big endian |
UINT24_LE | Unsigned integer | 24 | little endian |
UINT32_BE | Unsigned integer | 32 | big endian |
UINT32_LE | Unsigned integer | 32 | little endian |
UINT64_BE | Unsigned integer | 64 | big endian |
UINT64_LE* | Unsigned integer | 64 | little endian |
INT8 | Signed integer | 8 | n/a |
INT16_BE | Signed integer | 16 | big endian |
INT16_LE | Signed integer | 16 | little endian |
INT24_BE | Signed integer | 24 | big endian |
INT24_LE | Signed integer | 24 | little endian |
INT32_BE | Signed integer | 32 | big endian |
INT32_LE | Signed integer | 32 | little endian |
INT64_BE | Signed integer | 64 | big endian |
INT64_LE* | Signed integer | 64 | little endian |
Float16_BE | IEEE 754 float | 16 | big endian |
Float16_LE | IEEE 754 float | 16 | little endian |
Float32_BE | IEEE 754 float | 32 | big endian |
Float32_LE | IEEE 754 float | 32 | little endian |
Float64_BE | IEEE 754 float | 64 | big endian |
Float64_LE | IEEE 754 float | 64 | little endian |
Float80_BE* | IEEE 754 float | 80 | big endian |
Float80_LE* | IEEE 754 float | 80 | little endian |
(*) The tokens exceed the JavaScript IEEE 754 64-bit Floating Point precision, decoding and encoding is best effort based.
String tokens
StringType decoding is implemented using TextDecoder which supports a large number of encodings including but not limited to:
- UTF-8 (the default)
- Windows-1252
- ISO-8859-1
Check out the MDN web docs for the TextDecoder for a complete list
Custom tokens
Custom tokens can be added, suitable for reading binary files or network messages:
1 ExtendedHeader = {
2 len: 10,
3
4 get: (buf, off) => {
5 return {
6 // Extended header size
7 size: Token.UINT32_BE.get(buf, off),
8 // Extended Flags
9 extendedFlags: Token.UINT16_BE.get(buf, off + 4),
10 // Size of padding
11 sizeOfPadding: Token.UINT32_BE.get(buf, off + 6),
12 // CRC data present
13 crcDataPresent: common.strtokBITSET.get(buf, off + 4, 31)
14 };
15 }
16 };
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 24 are checked with a SAST tool
Reason
Found 3/16 approved changesets -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/codeql.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs-ci.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/nodejs-ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot-prs.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/post-dependabot-prs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot-prs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/post-dependabot-prs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot-prs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/post-dependabot-prs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Borewit/token-types/release-drafter.yml/master?enable=pin
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:16
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:17
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-drafter.yml:16
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/post-dependabot-prs.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-drafter.yml:11
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Score
4.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More