npm - simple-ffmpegjs - Versions diffs - 0.2.0 → 0.3.0 - Mend

simple-ffmpegjs 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/README.md +706 -34
package/package.json +3 -4
package/src/core/constants.js +33 -0
package/src/core/media_info.js +141 -66
package/src/core/rotation.js +76 -7
package/src/core/validation.js +758 -145
package/src/ffmpeg/command_builder.js +17 -6
package/src/ffmpeg/strings.js +52 -2
package/src/ffmpeg/subtitle_builder.js +707 -0
package/src/ffmpeg/text_passes.js +41 -5
package/src/ffmpeg/text_renderer.js +149 -11
package/src/ffmpeg/video_builder.js +3 -1
package/src/ffmpeg/watermark_builder.js +411 -0
package/src/loaders.js +81 -7
package/src/simpleffmpeg.js +604 -62
package/types/index.d.mts +266 -7
package/types/index.d.ts +305 -9
package/assets/example-thumbnail.jpg +0 -0

package/src/ffmpeg/command_builder.js CHANGED Viewed

@@ -1,3 +1,14 @@
+const os = require("os");
+const { escapeFilePath } = require("./strings");
+/**
+ * Get the null device path for the current platform
+ * @returns {string} '/dev/null' on Unix, 'NUL' on Windows
+ */
+function getNullDevice() {
+  return os.platform() === "win32" ? "NUL" : "/dev/null";
+}
 /**
  * Build the main FFmpeg export command
  */
@@ -77,7 +88,7 @@ function buildMainCommand({
     if (twoPass && passNumber) {
       cmd += `-pass ${passNumber} `;
       if (passLogFile) {
-        cmd += `-passlogfile "${passLogFile}" `;
+        cmd += `-passlogfile "${escapeFilePath(passLogFile)}" `;
       }
     }
@@ -112,7 +123,7 @@ function buildMainCommand({
   // For two-pass first pass, output to null
   if (twoPass && passNumber === 1) {
-    cmd += "-f null /dev/null";
+    cmd += `-f null ${getNullDevice()}`;
     return cmd;
   }
@@ -148,7 +159,7 @@ function buildMainCommand({
     }
   }
-  cmd += `"${outputPath}"`;
+  cmd += `"${escapeFilePath(outputPath)}"`;
   return cmd;
 }
@@ -163,14 +174,14 @@ function buildTextBatchCommand({
   intermediateCrf,
   outputPath,
 }) {
-  return `ffmpeg -y -i "${inputPath}" -filter_complex "[0:v]null[invid];${filterString}" -map "[outVideoAndText]" -map 0:a? -c:v ${intermediateVideoCodec} -preset ${intermediatePreset} -crf ${intermediateCrf} -c:a copy -movflags +faststart "${outputPath}"`;
+  return `ffmpeg -y -i "${escapeFilePath(inputPath)}" -filter_complex "[0:v]null[invid];${filterString}" -map "[outVideoAndText]" -map 0:a? -c:v ${intermediateVideoCodec} -preset ${intermediatePreset} -crf ${intermediateCrf} -c:a copy -movflags +faststart "${escapeFilePath(outputPath)}"`;
 }
 /**
  * Build command to generate a thumbnail
  */
 function buildThumbnailCommand({ inputPath, outputPath, time, width, height }) {
-  let cmd = `ffmpeg -y -ss ${time} -i "${inputPath}" -vframes 1 `;
+  let cmd = `ffmpeg -y -ss ${time} -i "${escapeFilePath(inputPath)}" -vframes 1 `;
   if (width || height) {
     const w = width || -1;
@@ -178,7 +189,7 @@ function buildThumbnailCommand({ inputPath, outputPath, time, width, height }) {
     cmd += `-vf "scale=${w}:${h}" `;
   }
-  cmd += `"${outputPath}"`;
+  cmd += `"${escapeFilePath(outputPath)}"`;
   return cmd;
 }

package/src/ffmpeg/strings.js CHANGED Viewed

@@ -2,9 +2,52 @@ function escapeSingleQuotes(text) {
   return String(text).replace(/'/g, "\\'");
 }
+/**
+ * Escape a file path for use in FFmpeg command line arguments.
+ * Prevents command injection by escaping quotes and backslashes.
+ * @param {string} filePath - The file path to escape
+ * @returns {string} Escaped file path safe for use in double-quoted command strings
+ */
+function escapeFilePath(filePath) {
+  if (typeof filePath !== "string") return "";
+  // Escape backslashes first, then double quotes
+  // This makes the path safe for use inside double-quoted shell strings
+  return filePath.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}
+/**
+ * Check if text contains characters that are problematic for FFmpeg's
+ * drawtext filter and should use the textfile approach instead.
+ */
+function hasProblematicChars(text) {
+  if (typeof text !== "string") return false;
+  // These characters cannot be reliably escaped in filter_complex parsing
+  // when passed through shell double-quoting
+  return /[,;{}\[\]"]/.test(text);
+}
 function escapeDrawtextText(text) {
   if (typeof text !== "string") return "";
-  return text.replace(/\\/g, "\\\\").replace(/'/g, "\\'").replace(/:/g, "\\:");
+  // Escape characters that have special meaning in FFmpeg drawtext filter
+  // AND characters that break shell parsing (since filter_complex is double-quoted)
+  return text
+    .replace(/\\/g, "\\\\") // Escape backslashes first
+    .replace(/'/g, "\\'") // Escape single quotes (text delimiter)
+    .replace(/"/g, '\\"') // Escape double quotes (shell safety)
+    .replace(/:/g, "\\:") // Escape colons (option separator)
+    .replace(/\n/g, " ") // Replace newlines with space (multiline not supported)
+    .replace(/\r/g, ""); // Remove carriage returns
+}
+/**
+ * Escape a file path for use in FFmpeg filters (Windows paths need special handling)
+ */
+function escapeTextFilePath(filePath) {
+  if (typeof filePath !== "string") return "";
+  // FFmpeg on Windows needs forward slashes and escaped colons
+  return filePath
+    .replace(/\\/g, "/") // Convert backslashes to forward slashes
+    .replace(/:/g, "\\:"); // Escape colons (for Windows drive letters)
 }
 function getClipAudioString(clip, inputIndex) {
@@ -18,4 +61,11 @@ function getClipAudioString(clip, inputIndex) {
   return { audioStringPart, audioConcatInput };
 }
-module.exports = { escapeSingleQuotes, escapeDrawtextText, getClipAudioString };
+module.exports = {
+  escapeSingleQuotes,
+  escapeFilePath,
+  escapeDrawtextText,
+  getClipAudioString,
+  hasProblematicChars,
+  escapeTextFilePath,
+};