Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/bufbuild/buf
The buf
CLI is the best tool for working with Protocol Buffers. It provides:
You can install buf
using Homebrew (macOS or Linux):
brew install bufbuild/buf/buf
This installs:
buf
, protoc-gen-buf-breaking
, and protoc-gen-buf-lint
binariesFor other installation methods, see our official documentation, which covers:
buf
via npmbuf
on Windowsbuf
as a Docker imageBuf's help interface provides summaries for commands and flags:
buf --help
For more comprehensive usage information, consult Buf's documentation, especially these guides:
buf breaking
buf build
buf generate
buf lint
buf format
buf registry
(for using the BSR)We will never make breaking changes within a given major version of the CLI. After buf
reached v1.0, you can expect no breaking changes until v2.0. But as we have no plans to ever release a v2.0, we will likely never break the buf
CLI.
This breaking change policy does not apply to commands behind the
buf beta
gate, and you should expect breaking changes to commands likebuf beta registry
. The policy does go into effect, however, when those commands or flags are elevated out of beta.
Buf's goal is to replace the current paradigm of API development, centered around REST/JSON, with a schema-driven paradigm. Defining APIs using an IDL provides numerous benefits over REST/JSON, and Protobuf is by far the most stable and widely adopted IDL in the industry. We've chosen to build on this widely trusted foundation rather than creating a new IDL from scratch.
But despite its technical merits, actually using Protobuf has long been more challenging than it needs to be. The Buf CLI and the BSR are the cornerstones of our effort to change that for good and to make Protobuf reliable and easy to use for service owners and clients alike—in other words, to create a modern Protobuf ecosystem.
While we intend to incrementally improve on the buf
CLI and the BSR, we're confident that the basic groundwork for such an ecosystem is already in place.
The Buf Schema Registry (BSR) is a SaaS platform for managing your Protobuf APIs. It provides a centralized registry and a single source of truth for all of your Protobuf assets, including not just your .proto
files but also remote plugins. Although the BSR provides an intuitive browser UI, buf
enables you to perform most BSR-related tasks from the command line, such as pushing Protobuf sources to the registry and managing users and repositories.
The BSR is not required to use
buf
. We've made the core features of thebuf
CLI available to all Protobuf users.
While buf
's core features should cover most use cases, we've included some more advanced features to cover edge cases:
.proto
files in accordance with your supplied build configuration, which means that you no longer need to manually specify --proto_paths
. You can still, however, specify .proto
files manually through CLI flags in cases where file discovery needs to be disabled.buf
outputs information in file:line:column:message
form by default for each lint error and breaking change it encounters, but you can also select JSON, MSVS, JUnit, and Github Actions output.buf
's granular error output. We currently provide linting integrations for both Vim and Visual Studio Code and JetBrains IDEs like IntelliJ and GoLand, but we plan to support other editors such as Emacs in the future..proto
files but also against a broad range of other Inputs, such as tarballs and ZIP files, remote Git repositories, and pre-built image files.protoc
. This allows for near-instantaneous feedback, which is of special importance for features like editor integration.Once you've installed buf
, we recommend completing the CLI tutorial, which provides a broad but hands-on overview of the core functionality of the CLI. The tour takes about 10 minutes to complete.
After completing the tour, check out the remainder of the docs for your specific areas of interest.
For help and discussion around Protobuf, best practices, and more, join us on Slack.
For updates on the Buf CLI, follow this repo on GitHub.
For feature requests, bugs, or technical questions, email us at dev@buf.build. For general inquiries or inclusion in our upcoming feature betas, email us at info@buf.build.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.