Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@kyve/core
Advanced tools
@kyve/core
🚀 The base KYVE node implementation.
In order to archive data with KYVE protocol nodes have to run on a storage pool. Every protocol node runs on a runtime which defines how data is being retrieved and how data is being validated. A runtime is just the execution environment for a integration.
Everybody can create a custom integration. For that it is highly recommended to use this package to ensure no unexpected behaviour occurs.
yarn add @kyve/core
The interface IRuntime
defines how a runtime needs to be implemented. It has three main methods which need to be implemented. Explanations in detail can be found on the interface itself in the form of comments (src/types/interfaces.ts
).
An example implementation of the EVM runtime can be found here:
import { DataItem, IRuntime, Node } from "@kyve/core";
import { providers } from "ethers";
export default class EVM implements IRuntime {
public name = "@kyve/evm";
public version = "1.0.0";
// get block with transactions by height
public async getDataItem(core: Node, key: string): Promise<DataItem> {
try {
// setup web3 provider
const provider = new providers.StaticJsonRpcProvider({
url: core.poolConfig.rpc,
});
// fetch data item
const value = await provider.getBlockWithTransactions(+key);
// throw if data item is not available
if (!value) throw new Error();
// Delete the number of confirmations from a transaction to keep data deterministic.
value.transactions.forEach(
(tx: Partial<providers.TransactionResponse>) => delete tx.confirmations
);
return {
key,
value,
};
} catch (error) {
throw error;
}
}
// increment block height by 1
public async getNextKey(key: string): Promise<string> {
return (parseInt(key) + 1).toString();
}
// save only the hash of a block on KYVE chain
public async formatValue(value: any): Promise<string> {
return value.hash;
}
}
Having the runtime implemented the final steps now are choosing suitable prebuild modules for your integration. There are three core features which need to be defined:
The storage provider is basically the harddrive of KYVE. It saves all the data a bundle has and should be web 3 by nature. Current supported storage providers are:
The compression type should also be chosen carefully. Each bundle saved on the storage provider gets compressed and decompressed by this algorithm. Current supported compression types are:
The cache of an integration is responsible for precaching data, making data archival much faster. Current supported caches are:
After settling on certain modules the integration can just be built together and started. An example from the EVM integration can be found here:
import { Node, Arweave, Gzip, JsonFileCache } from "@kyve/core";
import EVM from "./runtime";
new Node()
.addRuntime(new EVM())
.addStorageProvider(new Arweave())
.addCompression(new Gzip())
.addCache(new JsonFileCache())
.start();
To contribute to this repository please follow these steps:
git clone git@github.com:KYVENetwork/core.git
yarn install
FAQs
🚀 The base KYVE node implementation.
We found that @kyve/core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.