
github.com/p9c/peer
Network access
Supply chain risk: This module accesses the network.
Found 2 instances in 2 packages
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
High CVE
Package peer provides a common base for creating and managing bitcoin network peers.
This package has intentionally been designed so it can be used as a standalone package for any projects needing a full featured bitcoin peer base to build on.
This package builds upon the wire package, which provides the fundamental primitives necessary to speak the bitcoin wire protocol, in order to simplify the process of creating fully functional peers. In essence, it provides a common base for creating concurrent safe fully validating nodes, Simplified Payment Verification (SPV) nodes, proxies, etc.
A quick overview of the major features peer provides is as follows:
Provides a basic concurrent safe bitcoin peer for handling bitcoin communications via the peer-to-peer protocol
Full duplex reading and writing of bitcoin protocol messages
Automatic handling of the initial handshake process including protocol version negotiation
Asynchronous message queueing of outbound messages with optional channel for notification when the message is actually sent
Flexible peer configuration
Caller is responsible for creating outgoing connections and listening for incoming connections so they have flexibility to establish connections as they see fit (proxies, etc)
User agent name and version
Bitcoin network
Service support signalling (full nodes, bloom filters, etc)
Maximum supported protocol version
Ability to register callbacks for handling bitcoin protocol messages
Inventory message batching and send trickling with known inventory detection and avoidance
Automatic periodic keep-alive pinging and pong responses
Random nonce generation and self connection detection
Proper handling of bloom filter related commands when the caller does not specify the related flag to signal support
Disconnects the peer when the protocol version is high enough
Does not invoke the related callbacks for older protocol versions
Snapshottable peer statistics such as the total number of bytes read and written, the remote address, user agent, and negotiated protocol version
Helper functions for pushing addresses, getblocks, getheaders, and reject messages
Ability to wait for shutdown/disconnect
Comprehensive test coverage
$ go get -u github.com/p9c/peer