@exact-realty/rfc8188
An implementation of RFC 8188 (encrypted content-encoding for HTTP)
🔒 RFC 8188 Encrypted Content-Encoding for HTTP in TypeScript
To install the package, you can use npm or yarn:

```sh
npm install @exact-realty/rfc8188
```

or

```sh
yarn add @exact-realty/rfc8188
```

```js
import { encodings, decrypt } from '@exact-realty/rfc8188';

// Maximum permissible record size when decrypting. Because the decrypted data
// are buffered until a record is full, not limiting it can result in a very
// large memory allocation (4 GiB) depending on the incoming data.
// If this parameter is not provided, no limit is used. Otherwise, incoming data
// claiming to have records larger than this value will be rejected.
const maxRecordSize = Infinity;

// Provide a function to look up Initial Keying Material (IKM)
const lookupIKM = async (keyId) => {
  // Your logic to look up IKM
  return new ArrayBuffer(16);
};

// Your readable stream with ciphertext
const dataStreamToDecrypt = new ReadableStream();

// Decrypt data
const decryptedDataStream = decrypt(
  encodings.aes128gcm,
  dataStreamToDecrypt,
  lookupIKM,
  maxRecordSize, // optional
);

// Handle decrypted data stream
// ...
```

```js
import { encodings, encrypt } from '@exact-realty/rfc8188';

// Your readable stream with plaintext
const dataStreamToEncrypt = new ReadableStream();

// Some record size. It must be a value between 18 and 2**32 - 1 and is used
// for chunking.
const recordSize = 512;

// A key ID to be included in the payload header.
// It must be between 0 and 255 bytes long and is used to identify the IKM used.
const keyId = new ArrayBuffer(0);

// Initial Keying Material (IKM). Used to derive an encryption key. Note: this
// value is **not** output and it must be treated as a secret.
const IKM = new ArrayBuffer(0);

// Optional. A salt value, which will be combined with the IKM to derive an
// encryption key. If none is provided, a randomly-generated salt value will be
// used. Note that the salt must be exactly 16 bytes long.
const salt = new ArrayBuffer(16);

// Provide plaintext data and encryption parameters
const encryptedDataStream = await encrypt(
  encodings.aes128gcm,
  dataStreamToEncrypt,
  recordSize,
  keyId,
  IKM,
  salt, // optional
);

// Handle encrypted data stream
// ...
```
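
The record size and key ID described above travel in the cleartext `aes128gcm` header, so a receiver sees a sender-chosen record size before anything is authenticated; this is why a finite `maxRecordSize` matters when decrypting. The following is an added example, not code from the package: it parses that header (16-byte salt, 4-byte big-endian record size, 1-byte key ID length, key ID) and rejects out-of-range sizes before any buffer is allocated. `parseAes128gcmHeader`, `buildHeader` and `MAX_RECORD_SIZE` are hypothetical names, and the 64 KiB cap is an assumed policy value.

```javascript
// Added illustration (not the package's code): parse the RFC 8188 "aes128gcm"
// header and bound the sender-declared record size before buffering records.
const MAX_RECORD_SIZE = 64 * 1024; // assumed policy value, tune per application

function parseAes128gcmHeader(bytes, maxRecordSize = MAX_RECORD_SIZE) {
  // Header layout: salt (16) || rs (4, big-endian) || idlen (1) || keyid (idlen)
  if (bytes.byteLength < 21) throw new RangeError('truncated header');
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const recordSize = view.getUint32(16, false);
  const idLen = view.getUint8(20);
  // Smallest valid record: 16-byte tag + 1 delimiter byte + 1 data byte.
  if (recordSize < 18) throw new RangeError('record size below 18');
  // The header is not authenticated, so treat rs as untrusted input.
  if (recordSize > maxRecordSize) {
    throw new RangeError(`record size ${recordSize} exceeds limit ${maxRecordSize}`);
  }
  if (bytes.byteLength < 21 + idLen) throw new RangeError('truncated key ID');
  return {
    salt: bytes.slice(0, 16),
    recordSize,
    keyId: bytes.slice(21, 21 + idLen),
    headerLength: 21 + idLen,
  };
}

// Builds a constructed sample header (not captured traffic).
function buildHeader(recordSize, keyId) {
  const out = new Uint8Array(21 + keyId.length);
  out.fill(0xaa, 0, 16); // constructed salt
  new DataView(out.buffer).setUint32(16, recordSize, false);
  out[20] = keyId.length;
  out.set(keyId, 21);
  return out;
}

// A well-formed header with a 2-byte key ID and 4096-byte records.
const ok = parseAes128gcmHeader(buildHeader(4096, new Uint8Array([0x6b, 0x31])));
console.log(ok.recordSize, ok.headerLength);

// A header claiming the maximum record size is refused up front.
try {
  parseAes128gcmHeader(buildHeader(0xffffffff, new Uint8Array(0)));
} catch (e) {
  console.log('rejected:', e.message);
}
```
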
We welcome any contributions and feedback! Please feel free to submit pull requests, bug reports or feature requests to our GitHub repository.
This project is released under the ISC license. Check out the LICENSE file for more information.
FAQs
An implementation of RFC 8188 (encrypted content-encoding for HTTP)
The npm package @exact-realty/rfc8188 receives a total of 0 weekly downloads. As such, @exact-realty/rfc8188 popularity was classified as not popular.
We found that @exact-realty/rfc8188 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.