
Research
/Security News
Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.
@hyperledger/indy-vdr-shared
Advanced tools
This package does not contain any functionality, just the classes and types that wrap around the native NodeJS / React Native functionality
Every function can be called by creating an instance of a class with the
correct parameters. This class will have a handle as a property and that can
be used to create a ledger request. Following is a small example to request a
schema from a ledger.
import { PoolCreate, GetSchemaRequest } from '@hyperledger/indy-vdr-shared'
const pool = new PoolCreate({
parameters: {
transactions: <TRANSACTION_OBJECT>
}
})
const getSchemaRequest = new GetSchemaRequest({
schemaId: 'J6nTnUo3YLayzc2GUUctb1:2:MyName:1.0',
})
const schemaResponse = await pool.submitRequest(getSchemaRequest)
If you would like to leverage the Indy VDR libraries for JavaScript in a platform independent way you need to add the @hyperledger/indy-vdr-shared package to your project. This package exports all public methods.
Before calling any methods you then need to make sure you register the platform specific native bindings. You can do this by importing the platform specific package. You can do this by having separate files that register the package, which allows the React Native bundler to import a different package:
// register.ts
import '@hyperledger/indy-vdr-nodejs'
// register.native.ts
import '@hyperledger/indy-vdr-react-native'
An alterative approach is to first try to require the Node.JS package, and otherwise require the React Native package:
try {
require('@hyperledger/indy-vdr-nodejs')
} catch (error) {
try {
require('@hyperledger/indy-vdr-react-native')
} catch (error) {
throw new Error('Could not load Indy VDR bindings')
}
}
How you approach it is up to you, as long as the native binding are called before any actions are performed on the Indy VDR library.
FAQs
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.