Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/bazelbuild/remote-apis
This repository contains a collection of APIs which work together to enable large scale distributed execution and caching on source code and other inputs. It describes how to upload inputs, request the execution, monitor for results, and cache those results. It's overall aim is to enable large scale parallel executions that wouldn't be feasible on a single system, while minimizing the amount of uploads and executions needed by storing data in a content-addressable format and caching results.
The Remote Execution API is an API that, at its most general, allows clients to request execution of binaries on a remote system. It is intended primarily for use by build systems, such as Bazel, to distribute build and test actions through a worker pool, and also provide a central cache of build results. This allows builds to execute faster, both by reusing results already built by other clients and by allowing many actions to be executed in parallel, in excess of the resource limits of the machine running the build.
The Remote Asset API is an API to associate Qualifiers and URIs to Digests stored in Content Addressable Storage. It is primary intended to allow clients to use semantically relevant identifiers, such as a git repository or tarball location, to get the corresponding Digest. This mapping may be pushed by a client directly, or dynamically resolved and added to CAS by the asset server when fetched by a client.
The Remote Logstream API is an API supporting ordered reads and writes of LogStream
resources. It is intented primarily for streaming the stdout and stderr of ongoing Action
executions, enabling clients to view them while the Action is executing instead of waiting
for it's completion.
There are a number of clients and services using these APIs, they are listed below.
These tools use the Remote Execution API to distribute builds to workers.
These applications implement the Remote Execution API to serve build requests from the clients above.
--compatible
, open source)Servers generally distribute work to a fleet of workers. The Remote Worker API defines a generic protocol for worker and server communication, although, this API is considered too heavyweight for most use-cases. Because of that, many implementations have designed their own protocols. Links to these APIs are provided as a reference below. Adhering to any one of these protocols is not a requirement.
The Remote Execution APIs group hosts discussions related to the APIs in this repository.
Interested parties meet monthly via VC to discuss issues related to the APIs, and several contributors have organized occasional meetups, hack-a-thons, and summits. Joining the email discussion group will automatically add you to the Google Calendar invite for the monthly meeting.
The APIs in this repository refer to several general-purpose APIs published by
Google in the Google APIs
repository. You will need to refer to
packages from that repository in order to generate code using this API. If you
build the repository using the included BUILD
files, Bazel will fetch the
protobuf compiler and googleapis automatically.
The repository contains BUILD
files to build the protobuf library with
Bazel. If you wish to use them with your own project in
Bazel, you will possibly want to declare cc_proto_library
,
java_proto_library
, etc. rules that depend on them.
Other build systems will have to run protoc on the protobuf files, and link in the googleapis and well-known proto types, manually.
This repository contains the generated Go code for interacting with the API via gRPC. Get it with:
go get github.com/bazelbuild/remote-apis
Import it with, for example:
repb "github.com/bazelbuild/remote-apis/build/bazel/remote/execution/v2"
Enable the git hooks to automatically generate Go proto code on commit:
git config core.hooksPath hooks/
This is a local setting, so applies only to this repository.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.