@amplitude/rrweb-packer
★
★
★
★
★
3
reviews
`@rrweb/packer` is a tool to compress rrweb events into a smaller size.
100
Security
56
Quality
57
Maintenance
74
Overall
v2.0.0-alpha.35
npm
JavaScript
Jan 6, 2026
No Known Issues
This package has a good security score with no known vulnerabilities.
19206
GitHub Stars
3.0/5
Avg Rating
Community Reviews
CAUTION
Functional compression utility hampered by alpha status and minimal documentation
The @amplitude/rrweb-packer provides straightforward compression/decompression for rrweb session replay events using the `pack()` and `unpack()` functions. The API surface is minimal—essentially two methods—which makes it easy to integrate once you understand what it does. However, the package sits at version 2.0.0-alpha.35, which immediately raises stability concerns for production use.
Documentation is sparse at best. The README provides basic usage examples, but there's little explanation of the compression algorithm used, size reduction expectations, or performance characteristics. TypeScript definitions exist and work adequately for the simple API, but you won't get much help understanding edge cases or error scenarios. Error handling is basic—invalid input will throw, but error messages aren't particularly helpful for debugging.
The package does what it claims: it compresses rrweb events and reduces payload sizes. For teams already committed to the Amplitude/rrweb ecosystem and needing compression, it integrates smoothly. However, the alpha status, limited documentation, and lack of guidance on migration paths make it feel incomplete for mission-critical implementations.
Documentation is sparse at best. The README provides basic usage examples, but there's little explanation of the compression algorithm used, size reduction expectations, or performance characteristics. TypeScript definitions exist and work adequately for the simple API, but you won't get much help understanding edge cases or error scenarios. Error handling is basic—invalid input will throw, but error messages aren't particularly helpful for debugging.
The package does what it claims: it compresses rrweb events and reduces payload sizes. For teams already committed to the Amplitude/rrweb ecosystem and needing compression, it integrates smoothly. However, the alpha status, limited documentation, and lack of guidance on migration paths make it feel incomplete for mission-critical implementations.
Extremely simple API with just pack() and unpack() methods
TypeScript definitions included and functional for basic usage
Integrates seamlessly with rrweb event structures
Achieves meaningful compression on typical session replay payloads
Perpetual alpha status (2.0.0-alpha.35) signals instability concerns
Minimal documentation with no performance characteristics or algorithm details
Error messages provide little context for debugging compression failures
Best for: Teams already using rrweb for session replay who need simple event compression and can tolerate alpha-stage packages.
Avoid if: You need production-stable dependencies, comprehensive documentation, or are evaluating session replay solutions from scratch.
CAUTION
Functional but alpha-quality: minimal docs and rough DX edges
The @amplitude/rrweb-packer does what it promises—compressing rrweb session replay events using pack() and unpack() functions. The API surface is refreshingly simple: import the functions, pass your events, get compressed output. TypeScript definitions exist and work adequately for basic usage.
However, the alpha version status shows. Documentation is practically nonexistent beyond a basic README. There are no inline JSDoc comments to guide IDE users, making it unclear what format pack() expects or returns without diving into source code. Error messages are generic JavaScript errors rather than actionable guidance when you pass malformed data.
The migration path from @rrweb/packer (the original) to this Amplitude fork is undocumented, which is problematic if you're upgrading existing implementations. For a utility package that should "just work," you'll spend more time than expected figuring out integration details through trial and error.
However, the alpha version status shows. Documentation is practically nonexistent beyond a basic README. There are no inline JSDoc comments to guide IDE users, making it unclear what format pack() expects or returns without diving into source code. Error messages are generic JavaScript errors rather than actionable guidance when you pass malformed data.
The migration path from @rrweb/packer (the original) to this Amplitude fork is undocumented, which is problematic if you're upgrading existing implementations. For a utility package that should "just work," you'll spend more time than expected figuring out integration details through trial and error.
Simple two-function API (pack/unpack) that's easy to understand conceptually
TypeScript definitions included with basic type safety
Effective compression reduces rrweb event payload sizes significantly
No external dependencies beyond rrweb types
Alpha version stability concerns with frequent breaking changes possible
Sparse documentation with no usage examples or integration guides
Generic error messages provide little debugging context
No JSDoc comments for IDE inline documentation support
Best for: Teams already invested in Amplitude's rrweb ecosystem who need basic event compression and can tolerate alpha-quality tooling.
Avoid if: You need production-stable dependencies with comprehensive documentation or are looking for a well-supported compression solution.
CAUTION
Functional compression utility but alpha maturity raises security concerns
This package does what it says - compresses rrweb event streams using pako (zlib). The API is straightforward with pack() and unpack() methods that handle binary data conversion transparently. In practice, it reduces session replay payloads by 60-80%, which is significant for bandwidth and storage.
The security concerns are notable though. Being an alpha release (2.0.0-alpha.35) in production is risky from a stability and security maintenance perspective. The package has minimal input validation - it expects well-formed rrweb events but doesn't deeply validate structure before compression, which could lead to issues if untrusted data flows through. Error handling is basic; exceptions from pako bubble up without sanitization, potentially exposing implementation details. No built-in safeguards against compression bombs or payload size limits exist.
Dependency-wise, it's lean (mainly pako), which limits supply chain exposure. However, the alpha status means CVE response patterns are unproven. For session replay data containing PII, you'll need to implement your own validation and sanitization layers before compression.
The security concerns are notable though. Being an alpha release (2.0.0-alpha.35) in production is risky from a stability and security maintenance perspective. The package has minimal input validation - it expects well-formed rrweb events but doesn't deeply validate structure before compression, which could lead to issues if untrusted data flows through. Error handling is basic; exceptions from pako bubble up without sanitization, potentially exposing implementation details. No built-in safeguards against compression bombs or payload size limits exist.
Dependency-wise, it's lean (mainly pako), which limits supply chain exposure. However, the alpha status means CVE response patterns are unproven. For session replay data containing PII, you'll need to implement your own validation and sanitization layers before compression.
Simple synchronous API with pack/unpack methods that handle base64 encoding internally
Achieves 60-80% payload size reduction on typical rrweb event streams
Minimal dependency footprint reduces supply chain attack surface
Works consistently across Node.js and browser environments
Alpha release status creates uncertainty around security maintenance and breaking changes
No input validation or size limits to prevent compression bombs or malformed data
Error messages from underlying pako library can leak implementation details
Lacks secure-by-default protections for handling sensitive session replay data
Best for: Internal tools or controlled environments where you can wrap it with additional validation and security layers.
Avoid if: You need production-grade stability, handle untrusted input, or require compliance-ready session replay compression without building your own security controls.
Write a Review
Sign in to write a review
Sign In
Dependencies
Used By