
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@cortexkit/subc-client
Advanced tools
TypeScript client for the subc daemon. Wire-compatible (byte-for-byte) with the Rust subc-transport handshake and subc-protocol envelope.
TypeScript client for the subc daemon. It speaks the same
loopback-TCP transport as the Rust consumers (subc-core's subc-probe),
wire-compatible byte-for-byte with subc-transport (the HMAC-SHA256
handshake) and subc-protocol (the 17-byte envelope and channel-0 control RPCs).
Use it when a TypeScript/JavaScript process needs to reach a subc-routed module (e.g. a provider module exposing a tool surface or a management surface).
It ships as source (no build step) and runs on Bun or Node ≥ 18 — the only
imports are node:net, node:crypto, and node:fs.
// from the subconscious monorepo
"dependencies": { "@cortexkit/subc-client": "workspace:*" }
A consumer authenticates, optionally lists the catalog, opens a route to a
target module, then issues requests on the returned route channel. There is no
client HELLO — HELLO is module-registration only.
import { SubcClient } from "@cortexkit/subc-client";
// The daemon publishes its connection file at $XDG_RUNTIME_DIR/subc-connection.json.
const client = await SubcClient.connect({ connectionFile });
// Optional: discover what is registered.
const modules = await client.catalogList();
// Open a route to a management-surface module and call it.
const routeChannel = await client.routeOpen(
{ kind: "management_surface", module_id: "ai-provider-quota" },
{ project_root: process.cwd(), harness: "my-harness", session: "session-1" },
);
// request() resolves to the module's full Response body (the parsed JSON),
// NOT an unwrapped field. A module decides its own response envelope; this one
// wraps its array under `result`, so read `body.result`.
const body = await client.request(routeChannel, { method: "usage.get", params: {} });
const usage = body.result; // ProviderUsage[] for the ai-provider-quota module
client.close();
connect() runs the full handshake before resolving: ClientHello →
verify the server's proof and the daemon id from the connection file →
ClientAuth. A wrong key, an impostor daemon, or a tampered connection file
fails loud with an AuthError rather than connecting insecurely.
(channel, corr), never by arrival order. subc may interleave a
control reply ahead of another exchange's response on the same connection.Interactive. request() accepts { priority, timeoutMs, onProgress };
onProgress receives interim Push/StreamData frame bodies before the
terminal reply.FrameType::Error frame surfaces as a
thrown SubcError carrying the canonical { code, message }.0600); a
group/world-readable file is rejected, because the key has effectively leaked.bun test # 23 unit + 2 live-handshake
The live-handshake tests boot the real subc-core binary
(target/debug/subc-core) and complete the handshake against it — the
byte-identity authority for this client. They skip automatically when the binary
is not built; run cargo build -p subc-core first (the CI lane does this).
| File | Responsibility |
|---|---|
src/envelope.ts | 17-byte header codec, frame types, flags, priority |
src/connection-file.ts | read + validate the daemon connection file (owner-only gate) |
src/socket.ts | buffered TCP socket with deadline-bounded readExact |
src/auth.ts | HMAC-SHA256 handshake (computeProof, constant-time verify) |
src/client.ts | SubcClient: handshake, channel-0 RPCs, request() corr-mux |
FAQs
TypeScript client for the subc daemon. Wire-compatible (byte-for-byte) with the Rust subc-transport handshake and subc-protocol envelope.
The npm package @cortexkit/subc-client receives a total of 1,316 weekly downloads. As such, @cortexkit/subc-client popularity was classified as popular.
We found that @cortexkit/subc-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.