Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
go.ligato.io/cn-infra/v2
CN-Infra (cloud-native infrastructure) is a Golang framework for building control plane agents for cloud-native Virtual Network Functions It is basically a collection of components/libraries used in most control plane agents tied together with a common life-cycle management mechanism.
Extensive documentation with tutorials & how-to guides can be found at docs.ligato.io.
Go docs for the code can be found at godoc.org/github.com/ligato/cn-infra.
A very simple example of a control plane agent that uses Etcd as its configuration data store is as follows:
func main() {
// Create agent with connector plugins
a := agent.NewAgent(agent.AllPlugins(
&etcd.DefaultPlugin,
&resync.DefaultPlugin,
))
if err := a.Run(); err != nil {
log.Fatal(err)
}
}
You can find the above example here, from where it can be compiled and run in your favorite environment.
Each management/control plane app built on top of the CN-Infra framework is basically a set of modules called "plugins" in CN-Infra lingo, where each plugin provides a very specific/focused functionality. Some plugins are provided by the CN-Infra framework itself, some are written by the app's implementors. In other words, the CN-Infra framework itself is implemented as a set of plugins that together provide the framework's functionality, such as logging, health checks, messaging (e.g. Kafka), a common front-end API and back-end connectivity to various KV data stores (Etcd, Cassandra, Redis, ...), and REST and gRPC APIs.
The architecture of the CN-Infra framework is shown in the following figure.
The CN-Infra framework consists of a Agent that provides plugin lifecycle management (initialization and graceful shutdown of plugins) and a set of framework plugins. Note that the figure shows not only CN-Infra plugins that are a part of the CN-Infra framework, but also app plugins that use the framework. CN-Infra framework plugins provide APIs that are consumed by app plugins. App plugins themselves may provide their own APIs consumed by external clients.
The framework is modular and extensible. Plugins supporting new functionality (e.g. another KV store or another message bus) can be easily added to the existing set of CN-Infra framework plugins. Moreover, CN-Infra based apps can be built in layers: a set of app plugins together with CN-Infra plugins can form a new framework providing APIs/services to higher layer apps. This approach was used in the VPP Agent - a management/control agent for VPP based software data planes.,
Extending the code base does not mean that all plugins end up in all apps - app writers can pick and choose only those framework plugins that are required by their app; for example, if an app does not need a KV store, the CN-Infra framework KV data store plugins would not be included in the app. All plugins used in an app are statically linked into the app.
A CN-Infra plugin is typically implemented as a library providing the plugin's functionality/APIs wrapped in a plugin wrapper. A CN-Infra library can also be used standalone in 3rd party apps that do not use the CN-Infra framework. The plugin wrapper provides lifecycle management for the plugin component.
Plugins in the current CN-Infra release provide functionality in one of the following functional areas:
If you are interested in contributing, please see the contribution guidelines.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.