Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/amp-org-space/amp-sdk-go
A fully provisioned solution for files, media, and 3D asset sharing and deployment we can all agree on.
art.media.platform "Amp" is a potent 3D client-to-infrastructure aid that provides a secure, scalable, and extensible runtime for 3D applications. It supports 3D and media-centric apps with pluggable infrastructure, and allows artists, publishers, creators, and organizations to control asset deployments and experiences within high-fidelity spatial or geographic environments.
Secure, "turn-key" support for:
Direct integration with Unity and Unreal by embedding Amp's Go native library that your 3D app invokes through convenient bindings.
A lightweight, stand-alone "headless" executable named amp.host
that offers federated and decentralized support and storage options.
Amp bridges native 3D apps to system, network, and infrastructure services, solving key problems.
Traditional file and asset management systems are inadequate when there are hundreds or thousands of assets to organize, experience, or review. Teams often resort to makeshift solutions for collaboration and sharing which compromise efficiency and security.
Teams often collaborate over large file sets, yet they deploy using production systems that are entirely different from their development workflows. Many sharing and collaboration solutions exist, but they lack first-class spatial linking and native 3D content integration while suffering from inflexible, confining web or OS-based user experiences.
Meanwhile, web-based 3D frameworks such as three.js do not compare to native Unreal and Unity experiences and offer no path for real-world asset deployments. For example, 3D experiences require asset deployments often exceeding many gigabytes and are impossible through a web-based approach. Worse, web stacks pose many blockers that publishers have little or no ability to address, such as texturing features, performance potholes, scene management, and AI support.
art.media.platform is a bridge and toolbox that allows 3D app developers to focus on their core value proposition. It offers rich support for persistent state, user interfaces, and content immersion and allows you to break free of limiting web or OS infrastructure. Teams, leads, designers, artists, organizers, and ultimately consumers need better tools to richly and safely share assets.
This stack makes infrastructure more accessible through spatial idioms — and web is no exception. Amp offers support for integrated, in-app web browsing that pairs powerfully with spatial linking. Frameworks such as Webview are just another component in the Amp client, allowing your app to have an embedded web browser out of the box. This allows URLs and web experiences to be linked spatially or from multiple map locations.
Geographic and spatial-centric applications such as GIS, CAD, and BIM, are everywhere in modern construction, contracting, and real-time logistics. Amp's 3D client natively integrates maps and locations, allowing you to unify location-based linking, spatially precise environments, and first-class 3D asset integration.
The less obvious value of Amp is its extensibility. The amp.App
interface is flexible and unrestricted, allowing you to expose anything compatible with Go. This means any Go, C, C++, or any native static or dynamic module can be wrapped and push a 3D-native UX (with stock or custom assets).
This repo is lightweight and dependency-free so it can be added to your project without consequence.
At a high level:
amp.App
.amp.App
, similar to how a library in a C project registers a static or dynamic dependency.amp.host
with your additions embedded within it.amp.host.lib
and add the Amp UX runtime support glue.amp.Host
instantiates registered amp.App
instances as needed. During runtime, amp.host.lib
dispatches URL requests addressed to your app and are "pinned".Previous generations of this framework went into production in 2019 to become PLAN 3D. This overall architecture, though ambitious, continues to accurately describe many purposes of this framework.
In a world increasingly vulnerable to AI-assisted exploits, Amp's security model prioritizes security and privacy. It uses a container-based approach to ensure state-grade protection while the client runtime supports rich, native 3D experiences.
api.tag.go | versatile tagging and hash scheme that is AI and search friendly |
api.task.go | goroutine wrapper inspired by a conventional parent-child process model |
api.app.go | defines how state is requested, pushed, and merged |
api.host.go | types and interfaces that amp.host / amp.host implements |
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.