Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/brenol/trie
Package trie
implements rune-wise and path-wise Tries optimized for Get
performance and to allocate 0 bytes of heap memory (i.e. garbage) per Get
.
A typical use case is to perform any Put
or Delete
operations upfront to populate the trie, then perform Get
operations very quickly. The Tries do not synchronize access (not thread-safe).
When Tries are chosen over maps, it is typically for their space efficiency. However, in situations where direct key lookup is not possible (e.g. routers), tries can provide faster lookups and avoid key iteration.
$ go get github.com/dghubble/trie
Read Godoc
RuneTrie is a typical Trie which segments strings rune-wise (i.e. by unicode code point). These benchmarks perform Puts and Gets of random string keys that are 30 bytes long and of random '/' separated paths that have 3 parts and are 30 bytes long (longer if you count the '/' seps).
BenchmarkRuneTriePutStringKey-8 3000000 437 ns/op 9 B/op 1 allocs/op
BenchmarkRuneTrieGetStringKey-8 3000000 411 ns/op 0 B/op 0 allocs/op
BenchmarkRuneTriePutPathKey-8 3000000 464 ns/op 9 B/op 1 allocs/op
BenchmarkRuneTrieGetPathKey-8 3000000 429 ns/op 0 B/op 0 allocs/op
PathTrie segments strings by forward slash separators which can boost performance for some use cases. These benchmarks perform Puts and Gets of random string keys that are 30 bytes long and of random '/' separated paths that have 3 parts and are 30 bytes long (longer if you count the '/' seps).
BenchmarkPathTriePutStringKey-8 30000000 55.5 ns/op 8 B/op 1 allocs/op
BenchmarkPathTrieGetStringKey-8 50000000 37.9 ns/op 0 B/op 0 allocs/op
BenchmarkPathTriePutPathKey-8 20000000 88.7 ns/op 8 B/op 1 allocs/op
BenchmarkPathTrieGetPathKey-8 20000000 68.6 ns/op 0 B/op 0 allocs/op
Note that for random string Puts and Gets, the PathTrie is effectively a map as every node is a direct child of the root (except for strings that happen to have a slash).
This benchmark measures the performance of the PathSegmenter alone. It is used to segment random paths that have 3 '/' separated parts and are 30 bytes long.
BenchmarkPathSegmenter-8 50000000 32.0 ns/op 0 B/op 0 allocs/op
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.