Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@cogitojs/faucet
Advanced tools
faucet
This is a very simple faucet Express app. It supports the following REST call:
POST /donate/<ethereum address>
Installation
Cogito Faucet is a NodeJS program. It can be installed by running
npm install -g @cogitojs/faucet
or alternatively
yarn global install @cogitojs/faucet
Parameters
The cogito-faucet command takes the following arguments:
<account>, this first argument is the account number from which Ether will be donated. Needs to include the0xprefix.-dor--donationfollowed by an amount of Ether. This is the amount of Ether that is donated per request. Defaults to0.1.-por--providerfollowed by the provider URL. This specifies the full URL of the node in your blockchain network (includinghttporhttpsand port number if needed). Defaults tohttp://localhost:8545.--portfollowed by a port number. The port that the faucet listens on. Defaults to3001
The private key that corresponds with the account is specified as an environment variable:
COGITO_FAUCET_PRIVATE_KEY=C87509A1C067BBDE78BEB793E6FA76530B6382A4C0241E5E4A9EC0A0F44DC0D3
Example
This runs a faucet that hands out Ether in amount of 0.01 from the account
0x627306090abab3a6e1400e9345bc60c78a8bef57, using its corresponding private key.
It uses the Ethereum node at ip address 192.168.1.112:
COGITO_FAUCET_PRIVATE_KEY=C87509A1C067BBDE78BEB793E6FA76530B6382A4C0241E5E4A9EC0A0F44DC0D3 \
cogito-faucet --donation 0.01 --provider http://192.168.1.112:8545 0x627306090abab3a6e1400e9345bc60c78a8bef57
Using the faucet
After the faucet is started, you can use test it by performing a post using e.g.
curl:
curl -X POST -D - http://localhost:3001/donate/0xdf562290eceb83d659e23252ae8d38fa0bbc06e8
or using httpie:
http POST http://localhost:3001/donate/0xdf562290eceb83d659e23252ae8d38fa0bbc06e8
When using a deployed network, you may want to increase the timeouts. For
curl:
curl -X POST -m 600 -D - https://blockchain.deployed.com/faucet/donate/0x6b0be084e6ffc7d6cace8e01e2814c869257c3aa
for httpie:
http --timeout=600 POST https://blockchain.deployed.com/faucet/donate/0x6b0be084e6ffc7d6cace8e01e2814c869257c3aa
This will give the network 10min.
FAQs
Simple faucet with REST API
We found that @cogitojs/faucet demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 24 Apr 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025