Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Arc RPC allows you to remotely call functions on other processes or even other hardware using these few main concepts
Here is a basic example of using RPC with socket.io:
client.js

    // Include library for socket RPC clients
    let ClientSocketRpc = require("arc-rpc").ClientSocketRpc

    // Define `serverRpc` in higher scope so the class below can reach it
    let serverRpc = null

    // Example remotely-callable class (this can be anything)
    class ClientClass {
        // Example method
        async clientTest() {
            console.log("Remotely called by server, calling server method.")

            // Call remote as if it was a local class instance
            await serverRpc.class.serverTest()

            // This is guaranteed to run afterwards, because the call above is awaited
            console.log("Called remote server method!")
        }
    }

    // Create RPC to server over socket.io socket, predefined encryption key
    // (the server is created with the same key), with an instance of the example client class
    serverRpc = new ClientSocketRpc("127.0.0.1", 9919, Buffer.from('flbd+mTz8bIWl2DQxFMKHYAA1+PFxpEKmVNsZpFP5xQ=', 'base64'), new ClientClass())

server.js

    // Include library for socket RPC servers
    let ServerSocketRpcMaster = require("arc-rpc").ServerSocketRpcMaster

    // Example remotely-callable class (this can be anything)
    class ServerClass {
        async serverTest() {
            console.log("Remotely called by client.")
        }
    }

    // Create RPC master/listener, on socket.io connection, predefined encryption key
    // (the same key the client uses), with an instance of the example server class
    let rpcMaster = new ServerSocketRpcMaster(9919, Buffer.from('flbd+mTz8bIWl2DQxFMKHYAA1+PFxpEKmVNsZpFP5xQ=', 'base64'), new ServerClass())

    // Listen for new clients
    rpcMaster.on("client", async (clientRpc) => {
        console.log("Got new client, remotely calling client test.")

        // Call remote as if it was a local class instance
        await clientRpc.class.clientTest()

        // This is guaranteed to run afterwards, because the call above is awaited
        console.log("Remotely called client test!")
    })

I'll get to completing this later
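
Both snippets above embed the same base64 key in source. As an added example (not part of the arc-rpc README or the project's own code), the following loads the shared key from an environment variable and refuses the README's published sample key. The variable name `ARC_RPC_KEY`, the helper names, and the 32-byte length requirement (inferred from the decoded length of the sample key) are assumptions.

```javascript
// Added example: keep the RPC shared key out of source code.
const { randomBytes, timingSafeEqual } = require("crypto")

// Assumption: keys are 32 bytes, the decoded length of the README's sample key.
const KEY_BYTES = 32

// The sample key published in the README; it is public, so never accept it.
const PUBLISHED_SAMPLE_KEY = Buffer.from("flbd+mTz8bIWl2DQxFMKHYAA1+PFxpEKmVNsZpFP5xQ=", "base64")

// Generate a fresh random key, base64-encoded for storage in a secret store.
function generateKeyBase64() {
    return randomBytes(KEY_BYTES).toString("base64")
}

// Decode and validate a base64 key string; throws on anything unusable.
function parseKey(encoded) {
    if (typeof encoded !== "string" || encoded.length === 0) {
        throw new Error("RPC key is not set")
    }
    const key = Buffer.from(encoded, "base64")
    // Buffer.from silently drops invalid characters, so require a clean round trip.
    if (key.toString("base64") !== encoded) {
        throw new Error("RPC key is not canonical base64")
    }
    if (key.length !== KEY_BYTES) {
        throw new Error(`RPC key must be ${KEY_BYTES} bytes, got ${key.length}`)
    }
    if (timingSafeEqual(key, PUBLISHED_SAMPLE_KEY)) {
        throw new Error("RPC key is the published sample key")
    }
    return key
}

// ARC_RPC_KEY is a hypothetical variable name chosen for this example.
function loadKeyFromEnv(env = process.env) {
    return parseKey(env.ARC_RPC_KEY)
}
```

Pass the Buffer returned by `loadKeyFromEnv()` as the key argument to `ClientSocketRpc` and `ServerSocketRpcMaster` in place of the inline `Buffer.from(...)` call, with the same secret provisioned to both processes.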
FAQs
Asynchronous Remote Classes make RPC simple
The npm package arc-rpc receives a total of 1 weekly download. As such, arc-rpc's popularity was classified as not popular.
We found that arc-rpc has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.