Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@arcblock/ws
Advanced tools
Blocklet Server PubSub base on Websocket and Phoenix Protocol
const { WsServer } = require('@arcblock/ws');
/**
* @params {Object} opts
* @params {http.Server} opts.httpServer
* @params {String} opts.pathname default to '/websocket'
* @params {Function} opts.authenticate
*/
const wsServer = new WsServer({
httpServer: http.createServer(),
authenticate: (req, cb) => {
const { searchParams } = new URL(req.url, `http://${req.headers.host || 'unknown'}`);
const token = searchParams.get('token');
if (!token) {
cb(new Error('token not found'), null);
return;
}
// custom logic for validate token
const authInfo = validateToken(token);
// if validate success
cb(null, authInfo);
// if validate error
cb(new Error('validate fail'), null);
},
});
// attach to httpServer(httpServer has passed by constructor)
wsSerer.attach();
// push message
wsServer.push('blocklet.installed', data);
wsServer.push('notification.create', data);
WsClient is inherited from Phoenix(source),
import WsClient from '@arcblock/ws/lib/client';
// create instance
const socket = new WsClient(`//${window.location.hostname}`, {
// params will be passed to server through url
params: () => ({
// token is used for authentication
token: window.localStorage.getItem('abt_node_login_token'),
}),
// Defaults to none
logger: (type, msg, data) => console.log(type, msg, data),
});
// connect
socket.connect();
// add subscriber
socket.on('blocklet.installed', callback1);
socket.on('notification.create', callback2);
// remove subscriber
socket.off('blocklet.installed', callback1);
socket.off('notification.create', callback2);
// disconnect
socket.disconnect(() => {
// after disconnected...
});
It's very simple to create hooks in react apps.
FAQs
OCAP Chain websocket server and client
The npm package @arcblock/ws receives a total of 2,675 weekly downloads. As such, @arcblock/ws popularity was classified as popular.
We found that @arcblock/ws demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.