Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@relaycorp/cogrpc
Advanced tools
This library implements CogRPC in JavaScript with types included. It offers a CogRPC client and the building blocks to implement a CogRPC server. This documentation assumes familiarity with CogRPC.
@relaycorp/cogrpc
requires Node.js v10 or newer, and the latest stable release can be installed as follows:
npm install @relaycorp/cogrpc
Development releases use the dev
tag (@relaycorp/cogrpc@dev
).
The next section explains how to use this library. You may also want to read the API documentation.
The first step to use the CogRPC client is to initialize it:
import { CogRPCClient } from '@relaycorp/cogrpc';
const SERVER_URL = 'https://192.168.43.1';
const client = await CogRPCClient.init(SERVER_URL);
You can start delivering and collecting cargo once the client is initialized -- Simply use the client methods deliverCargo()
and collectCargo()
, respectively.
For example, the following is an overly simplistic version of a courier synchronizing cargo with the public gateway at https://gb.relaycorp.tech
:
import { CogRPCClient } from '@relaycorp/cogrpc';
import { Cargo, CargoDeliveryRequest } from '@relaycorp/relaynet-core';
import { promises as fs } from 'fs';
const ROOT_DIR = '/var/cargoes';
async function main(): Promise<void> {
const gwAddress = 'https://gb.relaycorp.tech';
const client = await CogRPCClient.init(gwAddress);
// Deliver cargo
const outgoingCargoes = retrieveOutgoingCargoes(gwAddress);
for await (const deliveredCargoPath of client.deliverCargo(outgoingCargoes)) {
// Delete each cargo as soon as it's delivered
await fs.unlink(deliveredCargoPath);
}
// Collect cargo
const cca = await fs.readFile(`${ROOT_DIR}/ccas/${gwAddress}`);
for await (const incomingCargo of client.collectCargo(cca)) {
let cargo: Cargo;
try {
cargo = await Cargo.deserialize(incomingCargo);
await cargo.validate();
} catch (error) {
continue;
}
const path = `${ROOT_DIR}/sneakernet-bound/${cargo.recipientAddress}/${cargo.id}`;
await fs.writeFile(path, incomingCargo);
}
}
async function* retrieveOutgoingCargoes(
publicGatewayAddress: string,
): AsyncIterable<CargoDeliveryRequest> {
const dir = `${ROOT_DIR}/internet-bound/${publicGatewayAddress}`;
for await (const cargoPath of fs.readdir(dir)) {
yield { cargo: await fs.readFile(cargoPath), localId: cargoPath };
}
}
If you're writing a CogRPC server in a courier or a public gateway, you may want to use the following values exported by this library:
CargoRelayService
, which is the ProtoBuf representation of the service.CargoDelivery
and CargoDeliveryAck
, the interfaces for the data exchanged over gRPC.If you have any questions or comments, please create an issue on GitHub.
Releases are automatically published on GitHub and NPM, and the changelog can be found on GitHub. This project uses semantic versioning.
FAQs
Relaynet CogRPC binding
We found that @relaycorp/cogrpc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.