Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/nullne/trie
Package trie
implements rune-wise and path-wise Tries optimized for Get
performance and to allocate 0 bytes of heap memory (i.e. garbage) per Get
.
A typical use case is to perform any Put
or Delete
operations upfront to populate the trie, then perform Get
operations very quickly. The Tries do not synchronize access (not thread-safe).
When Tries are chosen over maps, it is typically for their space efficiency. However, in situations where direct key lookup is not possible (e.g. routers), tries can provide faster lookups and avoid key iteration.
$ go get github.com/dghubble/trie
Read Godoc
RuneTrie is a typical Trie which segments strings rune-wise (i.e. by unicode code point). These benchmarks perform Puts and Gets of random string keys that are 30 bytes long and of random '/' separated paths that have 3 parts and are 30 bytes long (longer if you count the '/' seps).
BenchmarkRuneTriePutStringKey-8 3000000 437 ns/op 9 B/op 1 allocs/op
BenchmarkRuneTrieGetStringKey-8 3000000 411 ns/op 0 B/op 0 allocs/op
BenchmarkRuneTriePutPathKey-8 3000000 464 ns/op 9 B/op 1 allocs/op
BenchmarkRuneTrieGetPathKey-8 3000000 429 ns/op 0 B/op 0 allocs/op
PathTrie segments strings by forward slash separators which can boost performance for some use cases. These benchmarks perform Puts and Gets of random string keys that are 30 bytes long and of random '/' separated paths that have 3 parts and are 30 bytes long (longer if you count the '/' seps).
BenchmarkPathTriePutStringKey-8 30000000 55.5 ns/op 8 B/op 1 allocs/op
BenchmarkPathTrieGetStringKey-8 50000000 37.9 ns/op 0 B/op 0 allocs/op
BenchmarkPathTriePutPathKey-8 20000000 88.7 ns/op 8 B/op 1 allocs/op
BenchmarkPathTrieGetPathKey-8 20000000 68.6 ns/op 0 B/op 0 allocs/op
Note that for random string Puts and Gets, the PathTrie is effectively a map as every node is a direct child of the root (except for strings that happen to have a slash).
This benchmark measures the performance of the PathSegmenter alone. It is used to segment random paths that have 3 '/' separated parts and are 30 bytes long.
BenchmarkPathSegmenter-8 50000000 32.0 ns/op 0 B/op 0 allocs/op
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.