Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/jsign/go-textile-threads
Textile's threads implementation in Go
Go to the docs for more about Textile.
Join us on our public Slack channel for news, discussions, and status updates. Check out our blog for the latest posts and announcements.
This table provides a brief overview of the features and new benefits built into threads. Status indicates where/when the feature will be implemented (green means it is complete).
Feature | Status | Description |
---|---|---|
Database | ||
Single-writer Logs | complete | Threads use a single writer per log, and logs are ‘combined’ under a given Thread. SWLs make it is easier to add and remove writers and simplify conflict resolution (think of things like Git and Secure Scuttlebutt). One primary benefit of SWLs is that it means you don’t have to bake your conflict resolution strategy into the protocol. Projects that require eventual consistency can use CRDTs, whereas projects that require explicit ordering can use operational transform strategies. |
Multi-layer encryption | complete | Threads use a multi-layered encryption approach, where content, read, and replication capabilities are granted by separately generated keys managed with each log in a Thread. Threads are capable of configurations such as public feeds (single writer), collaborative documents (multiple writers), or mixed documents (multiple writers, multiple readers). Don’t need encryption? No problem, turn it off. |
Networking | ||
Multiaddress logs | complete | Every log in a Thread has a unique multiaddress. Per-log multiaddress allow developers to build logs into new protocols, build the log protocol into new implementations, and integrate with future services. |
Push and pull | testing | Threads peers take advantage of both push (think Pubsub and messaging apps) and pull (think HTTP and call-and-response style protocols) to exchange messages. Thanks to tools like libp2p, each collaborating peer can connect and exchange data with their peers using the mechanisms most suited to their current context (be it mobile, desktop, server, or wrist watch).. |
Scalable, verifiable follow | development | Each thread also contains a pubsub based channel that can be used to serve log updates to pools of followers (and readers). The pubsub channel is particularly useful in cases where there will be many followers that aren't capable of updating a Thread but are interested in reading the updates from the owners. |
Access control | design | Decentralized access control is hard, pretty much by definition. The Threads protocol approaches access control from an agent-centric perspective, which means collaborating peers are in charge of enforcing their access control. But what about when you want to change who can access what in a given Thread? You fork it (think Git/Github)! Think simple mechanism means that access control lists for a given Thread are immutable and easier to enforce, but can change over time as the requirements of a Thread change. |
go get github.com/textileio/go-threads
Go to https://godoc.org/github.com/textileio/go-threads.
The following includes information about libraries built using go-threads.
Name | Status | Platforms | Description |
---|---|---|---|
Thread Clients | |||
js-threads-client | A JavaScript client for threads daemon. | ||
dart-threads-client | A Dart client for threads daemon. | ||
Examples | |||
go-foldersync | An e2e demo to sync data between two golang clients. | ||
js-foldersync | A demo of writing and reading to Collections with the js-threads-client. |
This project is a work in progress. As such, there's a few things you can do right now to help out:
Before you get started, be sure to read our contributors guide and our contributor covenant code of conduct.
Changelog is published to Releases.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.