{"id":14471,"library":"buffer-builder","title":"Buffer Builder","description":"This package, `buffer-builder`, provides a utility for incrementally constructing a Node.js `Buffer` without prior knowledge of its final size. It offers methods to append strings, existing buffers, and various integer/float types (e.g., `appendUInt32LE`, `appendFloatBE`), as well as a byte fill operation. The current stable version is 0.2.0, last published over a decade ago in January 2015. Due to its age, it directly relies on the now-deprecated `new Buffer()` constructor, which poses significant security and usability issues in modern Node.js environments. This package is effectively abandoned, with no active development or updates to address compatibility with contemporary Node.js Buffer APIs (like `Buffer.from`, `Buffer.alloc`). Developers seeking similar functionality should consider actively maintained alternatives or Node.js's built-in `Buffer.concat` with an array of smaller buffers.","status":"abandoned","version":"0.2.0","language":"javascript","source_language":"en","source_url":"http://github.com/PeterReid/node-buffer-builder","tags":["javascript","buffer-builder","buffer"],"install":[{"cmd":"npm install buffer-builder","lang":"bash","label":"npm"},{"cmd":"yarn add buffer-builder","lang":"bash","label":"yarn"},{"cmd":"pnpm add buffer-builder","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"While CommonJS `require` is shown in the original documentation, modern Node.js projects typically use ESM `import`. This package was published before widespread ESM adoption, so direct ESM compatibility may be limited without a transpilation layer. However, Node.js allows `import` of CJS modules.","wrong":"const BufferBuilder = require('buffer-builder');","symbol":"BufferBuilder","correct":"import BufferBuilder from 'buffer-builder';"},{"note":"This package relies heavily on the global `Buffer` object or `require('buffer')`. 
For explicit import and modern Node.js practices, use `import { Buffer } from 'node:buffer';`. Be aware that the package's internal use of `new Buffer()` is deprecated.","wrong":"const Buffer = require('buffer');","symbol":"Buffer","correct":"import { Buffer } from 'node:buffer';"}],"quickstart":{"code":"import BufferBuilder from 'buffer-builder';\nimport { Buffer } from 'node:buffer';\n\nconst helloWorld = new BufferBuilder();\n\n// Append a string, utf8 encoded by default.\nhelloWorld.appendString('hello');\n\n// Append any type that Buffer has read and write functions for.\nhelloWorld.appendUInt16LE(0x7720);\n\n// Append a buffer - using Buffer.from() for modern Node.js compatibility\nhelloWorld.appendBuffer(Buffer.from([111, 114, 108, 100]));\n\n// Append a repetition of a byte\nhelloWorld.appendFill(33, 3);\n\n// Convert to an ordinary buffer\nconst buffer = helloWorld.get();\n\nconsole.log(buffer.toString()); // Expected: hello world!!!","lang":"javascript","description":"Demonstrates initializing BufferBuilder, appending various data types, and retrieving the final Buffer, updated for modern Node.js Buffer API usage."},"warnings":[{"fix":"This package is effectively abandoned. For projects requiring Node.js v10+, consider alternative buffer building libraries or use native `Buffer.alloc()`, `Buffer.from()`, and `Buffer.concat()` with an array of buffers. If you must use this package with older Node.js versions, ensure your project's Node.js runtime is <10.0.0.","message":"The `buffer-builder` package internally uses `new Buffer()`, which was deprecated in Node.js v6.0.0 and removed in v10.0.0. Using this package with Node.js v10 or newer will cause runtime errors because `Buffer` is no longer a constructor.","severity":"breaking","affected_versions":">=10.0.0"},{"fix":"It is strongly recommended to migrate away from this package to actively maintained alternatives. 
If unable to migrate, thoroughly audit the package for security vulnerabilities and test rigorously with your specific Node.js version.","message":"The package has not been updated since January 2015, making it highly susceptible to compatibility issues with newer Node.js versions, security vulnerabilities discovered since its last release, and lack of modern JavaScript features (e.g., ESM).","severity":"gotcha","affected_versions":">=0.2.0"},{"fix":"Always use `Buffer.from()` when creating a buffer from data (e.g., `Buffer.from([111, 114, 108, 100])`) or `Buffer.alloc()` for a zero-filled buffer of a specific size (e.g., `Buffer.alloc(10)`). The quickstart code reflects this change.","message":"The documentation's usage example uses `new Buffer([...])`. This method creates an uninitialized buffer which can expose sensitive memory contents and is a security risk.","severity":"deprecated","affected_versions":">=0.2.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"This package is incompatible with Node.js v10+. Either downgrade your Node.js version (not recommended) or replace `buffer-builder` with an actively maintained alternative that uses `Buffer.from()` or `Buffer.alloc()`.","cause":"Attempting to instantiate `Buffer` using `new Buffer()` in Node.js v10.0.0 or later, which removed the `Buffer` constructor. This package internally uses `new Buffer()` which leads to this error.","error":"TypeError: Buffer is not a constructor"},{"fix":"This warning indicates the package uses an outdated and potentially insecure API. While it might still function, it's a strong signal to migrate to a modern, actively maintained buffer building library to avoid future breaking changes and security risks. You can suppress the warning with `--no-deprecation` but this is not recommended.","cause":"Running `buffer-builder` with Node.js v6.0.0 through v9.x.x. 
The package uses `new Buffer()` which is formally deprecated during this range.","error":"(node:XXXX) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead."}],"ecosystem":"npm"}