Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
This is command-line program to host ad4m service and request to the service with build-in commands.
Dowload the latest program on the Release page, here take Mac os as example,
wget -O ad4m https://github.com/fluxsocial/ad4m-host/releases/download/v0.0.2/ad4m-macos-x64
chmod +x ./ad4m
Get help inforamtion for available commands,
./ad4m -h
./ad4m serve -h
./ad4m agent -h
Initialize the dependencies by coping the holochain binaries (Required),
# Initializes the ad4m-host with default config
./ad4m init
# Initalize ad4m-host with different environment using dataPath flag
./ad4m init --dataPath ad4m-host --networkBootstrapSeed ./custom_seed.json
# To override the environment you can use overrideConfig flag
./ad4m init --dataPath ad4m-host --networkBootstrapSeed ./custom_seed.json --overrideConfig
Run ad4m service with or without connecting to an existing running holochain process,
# connect with existing running holochain process
./ad4m serve --connectHolochain
# start its own holochain process (will use the default environment i.e ad4m)
./ad4m serve
# will start holochain process for this environment
./ad4m serve --dataPath environment_name
# Start server with only languageLanguage and ignore other languages
./ad4m serve --languageLanguageOnly
# Pass custom bootstrap languages & perspective
./ad4m serve --bootstrapLanguage ./bootstrap_language.json --bootstrapPerspective ./bootstrap_perspective.json
When running the AD4M executor for the very first time, we need to generate an agent (i.e. DID and keys) with:
./ad4m agent generate
After restart the ad4m service, it's usually necessary to check agent status and unlock the agent with passphrase,
./ad4m agent status
./ad4m agent unlock
Create an expression,
# show all the downloaded languages
./ad4m languages get --all
# install the note-ipfs language with its address
./ad4m languages get --address QmYVsrMpiFmV9S7bTWNAkUzSqjRJskQ8g4TWKKwKrHAPqL
# if got "not a trustedAgent error", try add a trusted agent with the language creator's did
./ad4m runtime addTrustedAgent --did "did:key:zQ3shfhvaHzE81hZqLorVNDmq971EpGPXq3nhyLF1JRP18LM3"
# create an expression with note-ipfs language, return the url of the expression
./ad4m expression create --content "This is a test note" --address QmYVsrMpiFmV9S7bTWNAkUzSqjRJskQ8g4TWKKwKrHAPqL
# get the expression with its url
./ad4m expression get --url "QmYVsrMpiFmV9S7bTWNAkUzSqjRJskQ8g4TWKKwKrHAPqL://QmSsCCtXMDAZXMpyiNLzwjGEU4hLmhG7fphidhEEodQ4Wy"
Publish a language,
# publish a template langauge by replacing the path and meta params.
# you can also omit the path and meta params, and input them interactively.
# it should give the address of the language.
./ad4m languages publish --path "/Users/kaichaosun/github/holo/ad4m-languages/release/shortform/bundle.js" --meta '{"name":"shortform-expression","description":"Shortform expression for flux application","possibleTemplateParams":["uid","name"],"sourceCodeLink":"https://github.com/juntofoundation/ad4m-languages"}'
# check the metadata of the template language
./ad4m languages meta --address QmWN1LBR3Zzx3yE7mncf93BPna8RbwtkSrYxTETktfpUyJ
# publish a language by appling template data to a template language
# it should give the address of the templated language
./ad4m languages applyTemplateAndPublish --address QmWN1LBR3Zzx3yE7mncf93BPna8RbwtkSrYxTETktfpUyJ --templateData '{"uid":"123","name":"test-shortform-expression"}'
# check the metadata of the templated language
./ad4m languages meta --address QmX2e2MaN9ayWaoA4MRhjjVw72RqgxUh7v7SWNbU5Kebpq
Create a perspective, and turns it into a neighbourhood
# shall all perspectives
./ad4m perspective get --all
# add a new perspective
# it should give a random unique ID that is used to reference it
./ad4m perspective add --name "A new perspective"
# get a specific perspective
./ad4m perspective get --uuid "22bdcd2b-44c4-416b-a9b8-8db089a361b0"
# add link to a perspective
# link contains a source, target and optional predicate
# in this example, the source is root, target is the note-ipfs expression we just created
./ad4m perspective addLink --uuid "22bdcd2b-44c4-416b-a9b8-8db089a361b0" --link '{"source":"root","target":"QmYVsrMpiFmV9S7bTWNAkUzSqjRJskQ8g4TWKKwKrHAPqL://QmSsCCtXMDAZXMpyiNLzwjGEU4hLmhG7fphidhEEodQ4Wy"}'
# a perspective can be shared by publish it, aka turning it into a neighbourhood.
# we need a language to store links, here we use social-context link language by templating it.
# it should give the address of our link language.
./ad4m languages applyTemplateAndPublish --address QmbCKYo6fWgEP7PiqoYH1jKiJHWFCnGUmwxDfUUEjXQvXB --templateData '{"uid":"123","name":"test-social-context"}'
# check the metadata of our link language
./ad4m languages meta --address QmYHx1LzwWevEH2dkyEzF3c5ALCHc1PcyBHwukVUdBLFBU
# publish perspective into neighbourhood with perspective id and link language address
# it should give the url of the neighbourhood, and further used to join the neighbourhood by other users
./ad4m neighbourhood publishFromPerspective --uuid "22bdcd2b-44c4-416b-a9b8-8db089a361b0" --address "QmYHx1LzwWevEH2dkyEzF3c5ALCHc1PcyBHwukVUdBLFBU" --meta '{"links":[]}'
# another user can join a neighbourhood
# it should give the id of a new perspective
./ad4m neighbourhood joinFromUrl --url 'neighbourhood://QmQggyZvTNkPJQM8m3439kCse5ZRRDAdD7NDR64xv5gTjm'
# the link added to a neighbourhood will be synced to another user and available to query
# it should give the links which usually contains the expression url in target
./ad4m perspective queryLinks --uuid "ac9e5301-fbf0-4049-abf6-c26f0959d93e" --query "{}"
# query the expression via url
./ad4m expression get --url "QmYVsrMpiFmV9S7bTWNAkUzSqjRJskQ8g4TWKKwKrHAPqL://QmSsCCtXMDAZXMpyiNLzwjGEU4hLmhG7fphidhEEodQ4Wy"
Install dependencies,
npm install
Prepare holochain binaries and bootstrap languages,
npm run prepare-dev
Local development without installing any binary,
npm run dev # start ad4m service
To build the binary package,
npm run release-macos
A handly online GraphQL client, https://hoppscotch.io/graphql. You can also save the querys and import/export the collections.
You can also use this pre-exported collection.
query agent status,
query agentStatus {
agentStatus {
did
didDocument
error
isInitialized
isUnlocked
}
}
unlock agent,
mutation agentUnlock($passphrase: String!) {
agentUnlock(passphrase: $passphrase) {
isInitialized
isUnlocked
did
error
}
}
variables,
{ "passphrase": "yourpassword" }
publish a language,
mutation languagePublish($languageMeta: LanguageMetaInput!, $languagePath: String!) {
languagePublish(languageMeta: $languageMeta, languagePath: $languagePath) {
name
address
author
description
possibleTemplateParams
sourceCodeLink
templateAppliedParams
templateSourceLanguageAddress
templated
}
}
variables,
{
"languageMeta": {
"name": "shortform-expression",
"description": "Shortform expression for flux application",
"possibleTemplateParams": ["uid", "name"],
"sourceCodeLink": "https://github.com/juntofoundation/ad4m-languages"
},
"languagePath": "your-language-path"
}
FAQs
Self hosting ad4m service
The npm package ad4m-host receives a total of 0 weekly downloads. As such, ad4m-host popularity was classified as not popular.
We found that ad4m-host demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.