Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
github.com/emccode/libstorage
libStorage
provides a vendor agnostic storage orchestration model, API, and
reference client and server implementations.
libStorage
enables storage consumption by leveraging methods commonly
available, locally and/or externally, to an operating system (OS).
The libStorage
project and its architecture represents a culmination of
experience gained from the project authors' building of
several
different
storage
orchestration tools. While created using
different languages and targeting disparate storage platforms, all the tools
were architecturally aligned and embedded functionality directly inside the
tools and affected storage platforms.
This shared design goal enabled tools that natively consumed storage, sans external dependencies.
Today libStorage
focuses on adding value to container runtimes and storage
orchestration tools such as Docker
and Mesos
, however the libStorage
framework is available abstractly for more general usage across:
The client side implementation, focused on operating system activities, has a minimal set of dependencies in order to avoid a large, runtime footprint.
Today there are many storage orchestration and abstraction tools relevant to container runtimes. These tools often must be installed locally and run alongside the container runtime.
The solid green lines represent active communication paths. The dotted black lines represent passive paths. The orange volume represents a operating system device and volume path available to the container runtime.
Embedding libStorage
client and server components enable container
runtimes to communicate directly with storage platforms, the ideal
architecture. This design requires minimal operational dependencies and is
still able to provide volume management for container runtimes.
In a centralized architecture, libStorage
is hosted as a service, acting as a
go-between for container runtimes and backend storage platforms.
The libStorage
endpoint is advertised by a tool like REX-Ray, run from anywhere, and is
responsible for all control plane operations to the storage platform along with
maintaining escalated credentials for these platforms. All client based
processes within the operating system are still embedded in the container
runtime.
Similar to the centralized architecture, this implementation design involves
running a separate libStorage
process alongside each container runtime, across
one or several hosts.
Central to libStorage
is the HTTP
/JSON
API. It defines the control plane
calls that occur between the client and server. While the libStorage
package
includes reference implementations of the client and server written using Go,
both the client and server could be written using any language as long as both
adhere to the published libStorage
API.
The libStorage
client is responsible for discovering a host's instance ID
and the next, available device name. The client's reference implementation is
written using Go and is compatible with C++.
The design goal of the client is to be lightweight, portable, and avoid obsolescence by minimizing dependencies and focusing on deferring as much of the logic as possible to the server.
The libStorage
server implements the libStorage
API and is responsible for
coordinating requests between clients and backend orchestration packages. The
server's reference implementation is also written using Go.
The libStorage
model
defines several data structures that are easily represented using Go structs or
a portable format such as JSON.
The libStorage
documentation is available at
libstorage.rtfd.org.
The libStorage
project is licensed to you under the Apache License, Version 2.0. Please reference the LICENSE file for additional information.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.