Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/mathewdgardner/benthos/v4
Benthos is a high performance and resilient stream processor, able to connect various sources and sinks in a range of brokering patterns and perform hydration, enrichments, transformations and filters on payloads.
It comes with a powerful mapping language, is easy to deploy and monitor, and ready to drop into your pipeline either as a static binary, docker image, or serverless function, making it cloud native as heck.
Benthos is declarative, with stream pipelines defined in as few as a single config file, allowing you to specify connectors and a list of processing stages:
input:
gcp_pubsub:
project: foo
subscription: bar
pipeline:
processors:
- bloblang: |
root.message = this
root.meta.link_count = this.links.length()
root.user.age = this.user.age.number()
output:
redis_streams:
url: tcp://TODO:6379
stream: baz
max_in_flight: 20
Delivery guarantees can be a dodgy subject. Benthos processes and acknowledges messages using an in-process transaction model with no need for any disk persisted state, so when connecting to at-least-once sources and sinks it's able to guarantee at-least-once delivery even in the event of crashes, disk corruption, or other unexpected server faults.
This behaviour is the default and free of caveats, which also makes deploying and scaling Benthos much simpler.
AWS (DynamoDB, Kinesis, S3, SQS, SNS), Azure (Blob storage, Queue storage, Table storage), GCP (Pub/Sub, Cloud storage, Big query), Kafka, NATS (JetStream, Streaming), NSQ, MQTT, AMQP 0.91 (RabbitMQ), AMQP 1, Redis (streams, list, pubsub, hashes), Cassandra, Elasticsearch, HDFS, HTTP (server and client, including websockets), MongoDB, SQL (MySQL, PostgreSQL, Clickhouse, MSSQL), and many more.
Connectors are being added constantly, if something you want is missing then open an issue.
If you want to dive fully into Benthos then don't waste your time in this dump, check out the documentation site.
For guidance on how to configure more advanced stream processing concepts such as stream joins, enrichment workflows, etc, check out the cookbooks section.
For guidance on building your own custom plugins in Go check out the public APIs.
Grab a binary for your OS from here. Or use this script:
curl -Lsf https://sh.benthos.dev | bash
Or pull the docker image:
docker pull jeffail/benthos
Benthos can also be installed via Homebrew:
brew install benthos
For more information check out the getting started guide.
benthos -c ./config.yaml
Or, with docker:
# Using a config file
docker run --rm -v /path/to/your/config.yaml:/benthos.yaml jeffail/benthos
# Using a series of -s flags
docker run --rm -p 4195:4195 jeffail/benthos \
-s "input.type=http_server" \
-s "output.type=kafka" \
-s "output.kafka.addresses=kafka-server:9092" \
-s "output.kafka.topic=benthos_topic"
Benthos serves two HTTP endpoints for health checks:
/ping
can be used as a liveness probe as it always returns a 200./ready
can be used as a readiness probe as it serves a 200 only when both the input and output are connected, otherwise a 503 is returned.Benthos exposes lots of metrics either to Statsd, Prometheus or for debugging purposes an HTTP endpoint that returns a JSON formatted object.
Benthos also emits tracing events to a tracer of your choice (currently only Jaeger is supported) which can be used to visualise the processors within a pipeline.
Benthos provides lots of tools for making configuration discovery, debugging and organisation easy. You can read about them here.
Build with Go (1.16 or later):
git clone git@github.com:benthosdev/benthos
cd benthos
make
Benthos uses golangci-lint for linting, which you can install with:
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
And then run it with make lint
.
It's pretty easy to write your own custom plugins for Benthos in Go, for information check out the API docs, and for inspiration there's an example repo demonstrating a variety of plugin implementations.
By default Benthos does not build with components that require linking to external libraries, such as the zmq4
input and outputs. If you wish to build Benthos locally with these dependencies then set the build tag x_benthos_extra
:
# With go
go install -tags "x_benthos_extra" github.com/benthosdev/benthos/v4/cmd/benthos@latest
# Using make
make TAGS=x_benthos_extra
Note that this tag may change or be broken out into granular tags for individual components outside of major version releases. If you attempt a build and these dependencies are not present you'll see error messages such as ld: library not found for -lzmq
.
There's a multi-stage Dockerfile
for creating a Benthos docker image which results in a minimal image from scratch. You can build it with:
make docker
Then use the image:
docker run --rm \
-v /path/to/your/benthos.yaml:/config.yaml \
-v /tmp/data:/data \
-p 4195:4195 \
benthos -c /config.yaml
Contributions are welcome, please read the guidelines, come and chat (links are on the community page), and watch your back.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.