Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@hazae41/foras
Advanced tools
WebAssembly port of Rust's flate2, a Rust implementation of Deflate, Gzip, and Zlib compressions.
WebAssembly port of Rust's flate2, a Rust implementation of Deflate, Gzip, and Zlib compressions.
npm i @hazae41/foras
Node Package 📦 • Deno Module 🦖 • Next.js CodeSandbox 🪣
import { Foras, deflate, inflate } from "@hazae41/foras";
// or { Foras, gzip, gunzip }
// or { Foras, zlib, unzlib }
// Wait for WASM to load
Foras.initSyncBundledOnce()
const bytes = new TextEncoder().encode("Hello world")
const compressed = deflate(bytes)
const decompressed = inflate(compressed)
You need to install Rust
Then, install wasm-pack
cargo install wasm-pack
Finally, do a clean install and build
npm ci && npm run build
You can build the exact same bytecode using Docker, just be sure you're on a linux/amd64
host
docker compose up --build
Then check that all the files are the same using git status
git status --porcelain
If the output is empty then the bytecode is the same as the one I commited
Each time I commit to the repository, the GitHub's CI does the following:
docker compose up --build
git status --porcelain
output is not emptyEach time I release a new version tag on GitHub, the GitHub's CI does the following:
npm diff
between the cloned repository and the same version tag on NPMIf a version is present on NPM but not on GitHub, do not use!
FAQs
WebAssembly port of Deflate, Gzip, and Zlib compression algorithms
The npm package @hazae41/foras receives a total of 353 weekly downloads. As such, @hazae41/foras popularity was classified as not popular.
We found that @hazae41/foras demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.