Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@relaycorp/cogrpc
Advanced tools
This library implements CogRPC in JavaScript with types included. It offers a CogRPC client and the building blocks to implement a CogRPC server. This documentation assumes familiarity with CogRPC.
@relaycorp/cogrpc
requires Node.js v10 or newer, and the latest stable release can be installed as follows:
npm install @relaycorp/cogrpc
Development releases use the dev
tag (@relaycorp/cogrpc@dev
).
The next section explains how to use this library. You may also want to read the API documentation.
The first step to use the CogRPC client is to initialize it:
import { CogRPCClient } from '@relaycorp/cogrpc';
const SERVER_URL = 'https://192.168.43.1';
const client = await CogRPCClient.init(SERVER_URL);
You can start delivering and collecting cargo once the client is initialized -- Simply use the client methods deliverCargo()
and collectCargo()
, respectively.
For example, the following is an overly simplistic version of a courier synchronizing cargo with the public gateway at https://gb.relaycorp.tech
:
import { CogRPCClient } from '@relaycorp/cogrpc';
import { Cargo, CargoDeliveryRequest } from '@relaycorp/relaynet-core';
import { promises as fs } from 'fs';
const ROOT_DIR = '/var/cargoes';
async function main(): Promise<void> {
const gwAddress = 'https://gb.relaycorp.tech';
const client = await CogRPCClient.init(gwAddress);
// Deliver cargo
const outgoingCargoes = retrieveOutgoingCargoes(gwAddress);
for await (const deliveredCargoPath of client.deliverCargo(outgoingCargoes)) {
// Delete each cargo as soon as it's delivered
await fs.unlink(deliveredCargoPath);
}
// Collect cargo
const cca = await fs.readFile(`${ROOT_DIR}/ccas/${gwAddress}`);
for await (const incomingCargo of client.collectCargo(cca)) {
let cargo: Cargo;
try {
cargo = await Cargo.deserialize(incomingCargo);
await cargo.validate();
} catch (error) {
continue;
}
const path = `${ROOT_DIR}/sneakernet-bound/${cargo.recipientAddress}/${cargo.id}`;
await fs.writeFile(path, incomingCargo);
}
}
async function* retrieveOutgoingCargoes(
publicGatewayAddress: string,
): AsyncIterable<CargoDeliveryRequest> {
const dir = `${ROOT_DIR}/internet-bound/${publicGatewayAddress}`;
for await (const cargoPath of fs.readdir(dir)) {
yield { cargo: await fs.readFile(cargoPath), localId: cargoPath };
}
}
If you're writing a CogRPC server in a courier or a public gateway, you may want to use the following values exported by this library:
CargoRelayService
, which is the ProtoBuf representation of the service.CargoDelivery
and CargoDeliveryAck
, the interfaces for the data exchanged over gRPC.If you have any questions or comments, please create an issue on GitHub.
Releases are automatically published on GitHub and NPM, and the changelog can be found on GitHub. This project uses semantic versioning.
FAQs
Relaynet CogRPC binding
We found that @relaycorp/cogrpc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.