Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/ltcsuite/ltcwallet/walletdb
[] (https://travis-ci.org/ltcsuite/ltcwallet)
Package walletdb provides a namespaced database interface for ltcwallet.
A wallet essentially consists of a multitude of stored data such as private and public keys, key derivation bits, pay-to-script-hash scripts, and various metadata. One of the issues with many wallets is they are tightly integrated. Designing a wallet with loosely coupled components that provide specific functionality is ideal, however it presents a challenge in regards to data storage since each component needs to store its own data without knowing the internals of other components or breaking atomicity.
This package solves this issue by providing a namespaced database interface that is intended to be used by the main wallet daemon. This allows the potential for any backend database type with a suitable driver. Each component, which will typically be a package, can then implement various functionality such as address management, voting pools, and colored coin metadata in their own namespace without having to worry about conflicts with other packages even though they are sharing the same database that is managed by the wallet.
A suite of tests is provided to ensure proper functionality. See
test_coverage.txt
for the gocov coverage report. Alternatively, if you are
running a POSIX OS, you can run the cov_report.sh
script for a real-time
report. Package walletdb is licensed under the copyfree ISC license.
This interfaces provided by this package were heavily inspired by the excellent boltdb project at https://github.com/boltdb/bolt by Ben B. Johnson.
[] (http://godoc.org/github.com/ltcsuite/ltcwallet/walletdb)
Full go doc
style documentation for the project can be viewed online without
installing this package by using the GoDoc site here:
http://godoc.org/github.com/ltcsuite/ltcwallet/walletdb
You can also view the documentation locally once the package is installed with
the godoc
tool by running godoc -http=":6060"
and pointing your browser to
http://localhost:6060/pkg/github.com/ltcsuite/ltcwallet/walletdb
$ go get github.com/ltcsuite/ltcwallet/walletdb
Package walletdb is licensed under the copyfree ISC License.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.