Research
/Security News
Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
By Socket Research Team -  Nov 24, 2025
🚨 Shai-Hulud Strikes Again:More than 500 packages and 700+ versions compromised.Technical Analysis →
@dashevo/dash-protocol
Advanced tools
dash-protocol
Dash network protocol streams
This module encodes and decodes low-level network protocol data using streams.
Usage
npm install @dashevo/dash-protocol
const net = require('net');
const bp = require('@dashevo/dash-protocol');
const decoder = bp.createDecodeStream();
decoder.on('data', message => console.log);
const encoder = bp.createEncodeStream();
const socket = net.connect(8333, '127.0.0.1');
socket.pipe(decoder);
encoder.pipe(socket);
encoder.write({
magic: 0xd9b4bef9,
command: 'ping',
payload: {
nonce: new Buffer('0123456789abcdef', 'hex')
}
})
Methods
createDecodeStream([opts])
Creates a stream which parses raw network bytes written to it and outputs message objects.
Opts may contain:
{
magic: Number
// If provided, the decoder will check if messages' "magic" field matches
// this value. If it does not match, the stream will emit an error.
}
createEncodeStream([opts])
Creates a stream which encodes message objects to raw network bytes.
Opts may contain:
{
magic: Number
// If provided, the encoder will automatically add the "magic" field to each
// message written to it.
}
Format
Decoder
Emitted by the decoder:
{
magic: Number,
command: String,
length: Number,
checksum: Buffer, // 8 bytes,
payload: Object // see below for detailed payload formats
}
Encoder
Written to the encoder:
{
magic: Number, // optional if you set this in the options
command: String,
payload: Object // see below for detailed payload formats
}
Payload Reference
The formats for the objects used as message payloads for the various commands are as follows. See the wiki for more information about these messages.
version
{
version: Number,
services: Buffer, // 8 bytes
timestamp: Number,
receiverAddress: {
services: Buffer, // 8 bytes
address: String, // ipv4 or ipv6
port: Number
},
senderAddress: {
services: Buffer, // 8 bytes
address: String, // ipv4 or ipv6
port: Number
},
nonce: Buffer, // 8 bytes
userAgent: String,
startHeight: Number,
relay: Boolean
}
verack, getaddr, mempool, filterclear, sendheaders
// no payload needed
addr
[
{
time: Number,
services: Buffer, // 8 bytes
address: String, // ipv4 or ipv6
port: Number
},
...
]
inv, getdata, notfound
[
{
type: Number,
hash: Buffer // 32 bytes
},
...
]
getblocks, getheaders
{
version: Number,
locator: [
Buffer // 32 bytes
],
hashStop: Buffer // 32 bytes
}
tx
{
version: Number,
ins: [
{
hash: Buffer, // 32 bytes
index: Number,
script: Buffer, // varying length
sequence: Number
},
...
],
outs: [
{
value: BN, // from 'bn.js' package
script: Buffer // varying length
},
...
],
locktime: Number
}
block
{
header: {
version: Number,
prevHash: Buffer, // 32 bytes
merkleRoot: Buffer, // 32 bytes
timestamp: Number,
bits: Number,
nonce: Number,
},
transactions: [
{}, // same format as 'tx' message
...
]
}
headers
[
{
header: {
version: Number,
prevHash: Buffer, // 32 bytes
merkleRoot: Buffer, // 32 bytes
timestamp: Number,
bits: Number,
nonce: Number,
},
nTransactions: Number
},
...
]
ping, pong
{
nonce: Buffer // 8 bytes
}
reject
{
message: String,
ccode: Number,
reason: String,
data: Buffer // varying length
}
filterload
{
data: Buffer, // varying length
nHashFuncs: Number,
nTweak: Number,
nFlags: Number
}
filteradd
{
data: Buffer // varying length
}
merkleblock
{
header: {
version: Number,
prevHash: Buffer, // 32 bytes
merkleRoot: Buffer, // 32 bytes
timestamp: Number,
bits: Number,
nonce: Number
},
numTransactions: Number,
hashes: [
Buffer // 32 bytes
],
flags: Buffer // varying length
}
alert
{
payload: Buffer, // varying length
signature: Buffer // varying length
}
FAQs
Dash network protocol streams
We found that @dashevo/dash-protocol demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Package last updated on 23 Apr 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025