@socketsupply/netsim
netsim deterministically simulates networks for use testing distributed and peer to peer systems.
These are difficult to test, firstly because packets can get dropped or delivered out of order, so we need to be able to ensure that code has the correct behavior irrespective of message reliability or ordering.
And secondly, because the network is complicated and its behavior depends on many aspects of configuration that are not easily reproducible, such as different styles of Network Address Translation (NAT). Simulating the network avoids needing to coordinate a large number of test devices and, more importantly, a test network, and makes it possible to introduce failures intentionally so that behavior can be tested in those cases.
This module does not replicate the entire OS-level networking interface, but if you write code using its patterns it can produce a lightweight simulation. So far, netsim is being used to write tests for introducer. It focuses specifically on dgram; modelling TCP is not currently planned.
a node represents a peer/device on the network.
send msg to {address, port} from send_port.
(note, dgram usually requires "binding" the port, but this detail is simply rolled into specifying the port to send from. The "birthday paradox NAT traversal" technique requires sending packets from and to many ports, so this interface simplifies that)
call a function later. it's usually necessary to use timers and delays to, for example, deal with latency, so these need to be modelable.
if repeat is non-zero, the function fn is called repeatedly every repeat (simulated) ms.
if delay is non-zero, the first call of fn is delayed. If delay is non-zero but repeat is zero, then fn is called after the delay, but not again.
if fn returns false the repeating interval is cancelled, fn will not be called again.
used to simulate nodes suspending/power down.
true=suspend the node. any incoming packets are ignored, and any timers are delayed until wake up. false=wakeup from sleep. timers will now be called. new messages will now be received.
any messages sent to a peer while sleeping are dropped.
a simulated network of nodes.
adds a node to this network. other nodes in this network will now be able to send packets to this node. a node may only be in a single network at a time.
the node can also be a subnetwork nat. see below
remove node from this network.
run the network simulation until time until_ts. a newly created Network will start at time 0.
run the network simulation a fixed number of steps, or until there are no more steps.
if step = -1 then it will not stop until there are no more events to run. If the simulation contains repeating timers this will cause it to run forever, so use iterateUntil in that case.
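The timer rules and the two ways of running the simulation described above can be seen in a small event loop. This is an added example, not netsim's own code: MiniSim, its method names, and the 25 s keepalive interval are assumptions made for the illustration.

```javascript
// Added sketch, not netsim's source. MiniSim and its method names are assumptions.
class MiniSim {
  constructor() {
    this.ts = 0;      // simulated clock in ms; a new simulation starts at 0
    this.queue = [];  // pending timer events: {ts, seq, fn, repeat}
    this.seq = 0;     // insertion counter, breaks ties so ordering is deterministic
  }
  // Call fn after `delay` ms; if `repeat` is non-zero, again every `repeat` ms.
  timer(delay, repeat, fn) { this._push(this.ts + delay, fn, repeat); }
  _push(ts, fn, repeat) {
    this.queue.push({ ts, seq: this.seq++, fn, repeat });
    this.queue.sort((a, b) => a.ts - b.ts || a.seq - b.seq);
  }
  _step() {
    const ev = this.queue.shift();
    this.ts = ev.ts;
    const result = ev.fn(this.ts);
    // A repeating timer is rescheduled unless fn returned false.
    if (ev.repeat > 0 && result !== false) this._push(this.ts + ev.repeat, ev.fn, ev.repeat);
  }
  // Run a fixed number of steps; steps = -1 runs until no events remain.
  iterate(steps) {
    let n = 0;
    while (this.queue.length && (steps === -1 || n < steps)) { this._step(); n++; }
    return n;
  }
  // Run only the events scheduled at or before until_ts, then stop.
  iterateUntil(until_ts) {
    let n = 0;
    while (this.queue.length && this.queue[0].ts <= until_ts) { this._step(); n++; }
    this.ts = Math.max(this.ts, until_ts);
    return n;
  }
}

function demo() {
  const sim = new MiniSim();
  const log = [];
  let ticks = 0;
  sim.timer(500, 0, (ts) => { log.push(`once@${ts}`); });  // one-shot: delay only
  sim.timer(1000, 1000, (ts) => { log.push(`tick@${ts}`); return ++ticks < 3; });
  const drained = sim.iterate(-1);  // terminates: the repeating timer cancels itself
  // Constructed 25 s keepalive that never cancels; iterate(-1) would never return here.
  sim.timer(25000, 25000, (ts) => { log.push(`keepalive@${ts}`); });
  const bounded = sim.iterateUntil(60000);
  return { log, drained, bounded, ts: sim.ts };
}
```

Because the clock only advances when an event is taken from the queue, the same schedule always produces the same log, which is what makes failures reproducible in tests.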
Creates a simulated local network, with Network Address Translation. NAT comes in a number of different flavors.
adds a node to this subnetwork. address must match the prefix passed to the Nat constructor.
inherited from network.remove
time that a port mapping on a firewall nat remains open. I tried several nats (that I had on hand) and found 30 seconds to be the lowest time they stayed open, so I set the default time to that.
FAQs
The npm package @socketsupply/netsim receives a total of 0 weekly downloads. As such, @socketsupply/netsim popularity was classified as not popular.
We found that @socketsupply/netsim demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.