Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@digicatapult/dscp-process-management
Advanced tools
A Library for managing restricted process flows in DSCP
.
For the basic application to work and for locally run tests to work docker-compose up
must be run.
The build command should be run first to create the converted ts files.
npm run build
To start the basic application
npm run local
To install npm CLI tool. It will be linked to local binaries so can be executed as process-management
npm i -g
process-management help
dscp-process-management
takes the following arguments to configure the Polkadot.js
API connection:
variable | required | default | description |
---|---|---|---|
host | N | localhost | The hostname of the dscp-node the API should connect to |
port | N | 9944 | The port of the dscp-node the API should connect to |
user | Y | - | The Substrate URI representing the private key to use when making dscp-node transactions. //Alice for dev chain |
For the full list of available restrictions see dscp-node
Returns all available commands
$ process-management
Usage: process management [options] [command]
a command line interface for managing chain processes
Options:
-v, --version output current version
--help display help for command
Commands:
list [options] A command for listing all active process flows
create [options] <json> A command for persisting process flows onto the chain
disable [options] <id> <version> A command for disabling an existing process flows. Required process ID and version
help [command] display help for command
$ process-management help create
Usage: process management create [options] <json>
A command for persisting process flows onto the chain
Options:
--dryRun to validate process and response locally before persisting on the chain, default - false
--verbose Returns all information about the transation, default - false
-h, --host <host> substrate blockchain host address or FQDM, default - "localhost" (default: "localhost")
-p, --port <port> specify host port number if it is not a default, default - 9944 (default: "9944")
-f, --file <file> path to file containing process flows to loads
-u, --user <user> specify substrate blockchain user URI
--help display help for command
#
# example
#
$ process-management create -h localhost -p 9944 -u //Alice '[{"name":"A test","version":1,"program":[{"restriction":{"FixedNumberOfOutputs":{"numOutputs":1}}},{"restriction":{"None":{}}},{"op":"Or"}]}]'
{
'A test': {
message: 'Transaction for new process A test has been successfully submitted',
process: {
id: 'A test',
version: 1,
status: 'Enabled',
program: [
{ restriction: { FixedNumberOfOutputs: { numOutputs: 1 } } },
{ restriction: { None: {} } },
{ op: 'Or' }
]
}
}
}
Or use a .json
file
process-management create -h localhost -p 9944 -u //Alice "$(cat exampleProcess.json)"
$ process-management help disable
Usage: process management disable [options] <id> <version>
A command for disabling an existing process flows. Required process ID and version
Arguments:
id a valid process id that you would like to disable
version a version number of a process
Options:
--dryRun to validate process and response locally before persisting on the chain, default - false
-h, --host <host> substrate blockchain host address or FQDM, default - "localhost" (default: "localhost")
-p, --port <port> specify host port number if it is not a default, default - 9944 (default: "9944")
--print print debugging info
-u, --user <user> specify substrate blockchain user URI
--help display help for command
#
# example
#
# let's create so we have something to disable
$ process-management create -u //Alice -f ./exampleProcess.json
{
'B test': {
message: 'Transaction for new process B test has been successfully submitted',
process: {
id: 'B test',
version: 1,
status: 'Enabled',
program: [
{ restriction: { FixedNumberOfOutputs: { numOutputs: 1 } } },
{ restriction: { None: {} } },
{ op: 'Or' }
]
}
}
}
$ process-management disable -u //Alice 'B test' '1'
{
message: 'Process has been disabled',
process: { id: 'B test', version: 1, status: 'Disabled' }
}
$ process-management list --help
Usage: process management list [options]
A command for listing all active process flows
Options:
-h, --host <host> substrate blockchain host address or FQDM, default - "localhost" (default: "localhost")
-p, --port <port> specify host port number if it is not a default, default - 9944 (default: "9944")
--raw print processes with hex values and extra keys such as "createdAtHash"
--active returns only active process flows
--disabled returns only disabled process flows
--print print debugging info
--help display help for command
#
# example
#
$ process-management list --active
[
{
id: 'default',
version: 1,
status: 'Enabled',
program: [ { restriction: { none: null } } ]
}
]
Unit tests can be run without docker using:
npm run test:unit
To run the integration test suite first bring up the test dependency services using docker
docker compose -f ./docker-compose-test.yaml up -d
And then to run the tests
npm run test
FAQs
DSCP Process Management Flow
The npm package @digicatapult/dscp-process-management receives a total of 2 weekly downloads. As such, @digicatapult/dscp-process-management popularity was classified as not popular.
We found that @digicatapult/dscp-process-management demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.