Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@dyne/slangroom-chain
Advanced tools
Zenroom and zencode are part of the DECODE project about data-ownership and technological sovereignty. Our effort is that of improving people's awareness of how their data is processed by algorithms, as well facilitate the work of developers to create along privacy by design principles using algorithms that can be deployed in any situation without any change.
pnpm add @dyne/slangroom-chain
In many use-cases you want to chain execution of different slangroom and pass the output as keys/data to other slangroom contracts. This small library helps to achieve that by putting your slangroom in an array of steps.
in the following example we define two steps and the result of the first
is passed as keys
to the second one.
import { execute } from '@dyne/slangroom-chain';
const newAccount = `{"username": "Alice"}`;
const steps_definition = {
verbosity: false,
steps: [
{
id: 'step1',
slangroom: `Scenario ecdh: create the keypair at user creation
Given that my name is in a 'string' named 'username'
When I create the keypair
Then print my 'keypair'`,
data: newAccount,
},
{
id: 'step2',
slangroom: `Scenario 'ecdh': Publish the public key
Given that my name is in a 'string' named 'username'
and I have my 'keypair'
Then print my 'public key' from 'keypair'`,
data: newAccount,
keysFromStep: 'step1',
},
],
};
execute(steps).then((r) => console.log(r));
The steps definition is an object literal defined as follows:
type Steps = {
readonly steps: readonly Step[]; // an array of step definitions
readonly conf?: string; // zenroom configuration, could be overridden by each step
readonly verbose?: boolean;
};
The single step definition is an object literal defined as follows:
type Step = {
readonly id: string;
readonly slangroom: string;
readonly data?: string;
readonly dataFromStep?: string;
readonly dataTransform?:
| ((data: string) => string)
| ((data: string) => Promise<string>);
readonly keys?: string;
readonly keysFromStep?: string;
readonly keysTransform?:
| ((data: string) => string)
| ((data: string) => Promise<string>);
readonly conf?: string;
};
The list of the attributes are:
pnpm coverage
No known issue by now
Copyleft (ɔ) 2021 by Dyne.org foundation, Amsterdam
Designed, written and maintained by Puria Nafisi Azizi Slangroom added by Matteo Cristino
Please first take a look at the Dyne.org - Contributor License Agreement then
git checkout -b feature/branch
git commit -am 'Add some fooBar'
git push origin feature/branch
@dyne/slangroom-chain - Execute chain of slangroom smart contracts
Copyleft (ɔ) 2021-2024 Dyne.org foundation, Amsterdam
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
FAQs
Execute chain of slangroom smart contracts
We found that @dyne/slangroom-chain demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.