Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@libp2p/webrtc
Advanced tools
A libp2p transport using WebRTC connections
$ npm i @libp2p/webrtc
<script>
tagLoading this module through a script tag will make it's exports available as Libp2pWebrtc
in the global namespace.
<script src="https://unpkg.com/@libp2p/webrtc/dist/index.min.js"></script>
import { createLibp2p } from 'libp2p'
import { Noise } from '@chainsafe/libp2p-noise'
import { multiaddr } from '@multiformats/multiaddr'
import first from "it-first";
import { pipe } from "it-pipe";
import { fromString, toString } from "uint8arrays";
import { webRTC } from 'js-libp2p-webrtc'
const node = await createLibp2p({
transports: [webRTC()],
connectionEncryption: [() => new Noise()],
});
await node.start()
const ma = multiaddr('/ip4/0.0.0.0/udp/56093/webrtc/certhash/uEiByaEfNSLBexWBNFZy_QB1vAKEj7JAXDizRs4_SnTflsQ')
const stream = await node.dialProtocol(ma, ['/my-protocol/1.0.0'])
const message = `Hello js-libp2p-webrtc\n`
const response = await pipe([fromString(message)], stream, async (source) => await first(source))
const responseDecoded = toString(response.slice(0, response.length))
Examples can be found in the examples folder.
Browsers can only dial
, so listen
is not supported.
interface Transport {
[Symbol.toStringTag]: string
[symbol]: true
dial: (ma: Multiaddr, options: DialOptions) => Promise<Connection>
createListener: (options: CreateListenerOptions) => Listener
filter: MultiaddrFilter
}
class WebRTCTransport implements Transport {
async dial (ma: Multiaddr, options: WebRTCDialOptions): Promise<Connection> {
const rawConn = await this._connect(ma, options)
log(`dialing address - ${ma.toString()}`)
return rawConn
}
createListener (options: CreateListenerOptions): Listener {
throw unimplemented('WebRTCTransport.createListener')
}
}
interface MultiaddrConnection extends Duplex<Uint8Array> {
close: (err?: Error) => Promise<void>
remoteAddr: Multiaddr
timeline: MultiaddrConnectionTimeline
}
class WebRTCMultiaddrConnection implements MultiaddrConnection { }
Contributions are welcome! The libp2p implementation in JavaScript is a work in progress. As such, there's a few things you can do right now to help out:
Please be aware that all interactions related to libp2p are subject to the IPFS Code of Conduct.
Small note: If editing the README, please conform to the standard-readme specification.
This module leans heavily on (Aegir)[https://github.com/ipfs/aegir] for most of the package.json
scripts.
The build script is a wrapper to aegir build
. To build this package:
npm run build
The build will be located in the /dist
folder.
There is also npm run generate:proto
script that uses protoc to populate the generated code directory proto_ts
based on *.proto
files in src. Don't forget to run this step before build
any time you make a change to any of the *.proto
files.
To run all tests:
npm test
To run tests for Chrome only:
npm run test:chrome
To run tests for Firefox only:
npm run test:firefox
Aegir is also used to lint the code, which follows the Standard JS linter. The VS Code plugin for this standard is located at https://marketplace.visualstudio.com/items?itemName=standard.vscode-standard. To lint this repo:
npm run lint
You can also auto-fix when applicable:
npm run lint:fix
npm run clean
npm run deps-check
Licensed under either of
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
FAQs
A libp2p transport using WebRTC connections
The npm package @libp2p/webrtc receives a total of 5,580 weekly downloads. As such, @libp2p/webrtc popularity was classified as popular.
We found that @libp2p/webrtc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.