Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@ipld/dag-pb
Advanced tools
An implementation of the DAG-PB spec for JavaScript designed for use with multiformats or via the higher-level Block
abstraction in @ipld/block.
import CID from 'multiformats/cid'
import { sha256 } from 'multiformats/hashes/sha2'
import * as dagPB from '@ipld/dag-pb'
async function run () {
const bytes = dagPB.encode({
Data: new TextEncoder().encode('Some data as a string'),
Links: []
})
// also possible if you `import dagPB, { prepare } from '@ipld/dag-pb'`
// const bytes = dagPB.encode(prepare('Some data as a string'))
// const bytes = dagPB.encode(prepare(new TextEncoder().encode('Some data as a string')))
const hash = await sha256.digest(bytes)
const cid = CID.create(1, dagPB.code, hash)
console.log(cid, '=>', Buffer.from(bytes).toString('hex'))
const decoded = dagPB.decode(bytes)
console.log(decoded)
console.log(`decoded "Data": ${new TextDecoder().decode(decoded.Data)}`)
}
run().catch((err) => {
console.error(err)
process.exit(1)
})
@ipld/dag-pb
is designed to be used within multiformats but can be used separately. encode()
, decode()
, validate()
and prepare()
functions are available if you pass in a multiformats
object to the default export function. Each of these can operate independently as required.
prepare()
The DAG-PB encoding is very strict about the Data Model forms that are passed in. The objects must exactly resemble what they would if they were to undergo a round-trip of encode & decode. Therefore, extraneous or mistyped properties are not acceptable and will be rejected. See the DAG-PB spec for full details of the acceptable schema and additional constraints.
Due to this strictness, a prepare()
function is made available which simplifies construction and allows for more flexible input forms. Prior to encoding objects, call prepare()
to receive a new object that strictly conforms to the schema.
import CID from 'multiformats/cid'
import { prepare } from '@ipld/dag-pb'
console.log(prepare({ Data: 'some data' }))
// ->{ Data: Uint8Array(9) [115, 111, 109, 101, 32, 100, 97, 116, 97] }
console.log(prepare({ Links: [CID.parse('bafkqabiaaebagba')] }))
// -> { Links: [ { Hash: CID(bafkqabiaaebagba) } ] }
Some features of prepare()
:
Data
are converted{ Data: bytes }
(as are Uint8Array
s)Links
array are attempted, including interpreting the whole link element as a CID, reading a Uint8Array
as a CIDName
is a string
and Tsize
is a number
)Links
array is always present, even if emptyLinks
array is properly sortedLicensed under either of
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
FAQs
JS implementation of DAG-PB
We found that @ipld/dag-pb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.