Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@nephys/plexus
Advanced tools
@nephys/plexus
[](LICENSE) [](https://www.npmjs.com/package/@nephys/plexus) [
Dependency-free decentralized peer-to-peer network for storage and communication based on the Kademlia distributed hash table.
Contents
Installing
npm install @nephys/plexus --save
Testing
npm run test
This test will create a 50-Node Local Mesh Network and then go through the 4 following steps.
| Step | Description |
|---|---|
| Item lookup | Testing if nodes can find an item on the network |
| Node lookup | Testing if nodes can find another node on the network |
| Broadcasting test | Testing if a node can broadcast to the rest of the network |
| Non existent item lookup | Testing if nodes dont find non existent data on the network* |
* (The lookup should timemout and fail)
npm run chat
A demo CLI chat client to test communication between nodes.
npm run broadcast
Testing the broadcasting system between 3 node A, B & C where A & B know eachother, B & C know eachother as well and A & C don't know eachother but should be able to communicate regardless.
// Expected output:
[A] b speaking
[C] b speaking
[B] a speaking
[B] c speaking
[C] a speaking
[A] c speaking
Quick Start
Creating a Plexus Node and joining the Mesh Network.
const plexus = require("plexus");
// Node creation
const node = new plexus.Node({host: "127.0.0.1", port: 8080}); // By default the host and port are 127.0.0.1:8080
// Join the network
node.connect({host: "remote_ip", port: remote_port});
Storage
Storing and retrieving data on the Network.
// Storing data
const item = node.store({key: key, value: value, republish: true}); // If no key is provided it will default to the hash of the value stored
// Retrieving data
const lookup = node.find({key: key});
// The item exists on the Network
lookup.on("found", (result) => {
console.log(result);
});
// The item doesn't exist anywhere on the Network
lookup.on("timeout", () => {
console.log("FIND request timed out");
});
Communication
Broadcasting to the whole Network.
(WIP, subject to forwarding loops under certain network conditions)
// Sendind to the Network
node.broadcast({data: data});
// Handling incoming Broadcasts
node.on("broadcast", (data) => {
console.log(data);
});
Documentation
Resources
- Kademlia Visualizer
- Kademlia Design Specification
- Kademlia: A Peer-to-peer Information System Based on the XOR Metric
- JSON-RPC 2.0 Specification
TODO
-
Implement keep alive (ping contacts to keep the UDP hole open)* -
Implement Item expiration -
Implement Item propagation -
Improve the storage system -
Clean up code -
Finish implementing error handling using exceptions -
Add documentation -
Make broadcasting faster (master & slave broadcasting nodes?) Complete rework
* (WIP)
Support Me 🤝
If you like the project and want to support me you can do so by donating any amout to one of the following addresses or by using it in your own projects and sharing this repo.
Tank you! ❤️
@Nephys, 2021
FAQs
[](LICENSE) [](https://www.npmjs.com/package/@nephys/plexus) [
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025