arcjet - npm Package Compare versions

Comparing version 0.5.1 to 1.0.0-alpha.0

index.d.ts

83

package.json
{
"name": "arcjet",
"version": "0.5.1",
"main": "lib/index.js",
"author": "Hunter Trujillo <cryptoquick@gmail.com>",
"license": "MIT",
"repository": "arcjet/arcjet",
"homepage": "https://www.arcjet.com",
"bin": {
"arcjet": "lib/arcjet.js"
"version": "1.0.0-alpha.0",
"description": "Arcjet TypeScript and JavaScript SDK core",
"license": "Apache-2.0",
"homepage": "https://arcjet.com",
"repository": {
"type": "git",
"url": "git+https://github.com/arcjet/arcjet-js.git",
"directory": "arcjet"
},
"engines": {
"node": ">=18"
},
"type": "module",
"main": "./index.js",
"types": "./index.d.ts",
"files": [
"LICENSE",
"README.md",
"*.js",
"*.d.ts",
"*.ts",
"!*.config.js"
],
"scripts": {
"start": "arcjet",
"build": "tsc -p ./tsconfig.json",
"build:watch": "tsc -p ./tsconfig.json --watch",
"test": "ava \"**/*.test.ts\""
"prepublishOnly": "npm run build",
"build": "rollup --config rollup.config.js",
"lint": "eslint .",
"test": "NODE_OPTIONS=--experimental-vm-modules jest"
},
"devDependencies": {
"@types/got": "^8.3.3",
"ava": "^1.0.0-beta.6",
"ts-node": "^7.0.0",
"typescript": "^3.0.1"
},
"dependencies": {
"@types/cors": "^2.8.4",
"@types/express": "^4.16.0",
"@types/luxon": "^1.2.2",
"@types/node": "^10.5.5",
"@types/qrcode": "^1.2.0",
"body-parser": "^1.18.3",
"caporal": "^0.10.0",
"cors": "^2.8.4",
"express": "^4.16.3",
"got": "^9.0.0",
"luxon": "^1.3.3",
"qrcode": "^1.2.2",
"tweetnacl": "^1.0.0"
"@arcjet/analyze": "1.0.0-alpha.0",
"@arcjet/logger": "1.0.0-alpha.0",
"@arcjet/protocol": "1.0.0-alpha.0"
},
"engines": {
"node": ">=9.9.0"
"devDependencies": {
"@arcjet/eslint-config": "1.0.0-alpha.0",
"@arcjet/rollup-config": "1.0.0-alpha.0",
"@arcjet/tsconfig": "1.0.0-alpha.0",
"@edge-runtime/jest-environment": "2.3.7",
"@jest/globals": "29.7.0",
"@types/node": "18.18.0",
"jest": "29.7.0",
"rollup": "4.6.1",
"typescript": "5.3.2"
},
"ava": {
"compileEnhancements": false,
"extensions": [
"ts"
],
"require": [
"ts-node/register"
]
"publishConfig": {
"access": "public",
"tag": "latest"
}
}
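Review bot: `"publishConfig": { "tag": "latest" }` at the end of the new manifest publishes `"version": "1.0.0-alpha.0"` under the `latest` dist-tag, so an unversioned `npm install arcjet` resolves to the alpha. Publish prereleases under a separate dist-tag (for example `next`) until 1.0.0 is final. The name is also being reused for what is effectively a different package: `bin`, `author` and every 0.5.1 runtime dependency are dropped, `main` moves from `lib/index.js` to `./index.js`, `"type": "module"` is added, the license changes from MIT to Apache-2.0 and `engines.node` goes from `>=9.9.0` to `>=18`. Nothing in the manifest signals that break to existing 0.5.1 consumers, so it should be called out in the README or a changelog.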

@@ -1,118 +0,90 @@

# Arcjet Platform - Distributed Datastore & Client Library
<a href="https://arcjet.com" target="_arcjet-home">
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://arcjet.com/arcjet-logo-minimal-dark-mark-all.svg">
<img src="https://arcjet.com/arcjet-logo-minimal-light-mark-all.svg" alt="Arcjet Logo" height="128" width="auto">
</picture>
</a>
[![npm version](https://badge.fury.io/js/arcjet.svg)](https://badge.fury.io/js/arcjet)
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Farcjet%2Farcjet.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Farcjet%2Farcjet?ref=badge_shield)
# `arcjet`
Be sure to check out our progress on our project board: https://github.com/arcjet/arcjet/projects/1
<p>
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://img.shields.io/badge/%E2%9C%A6Aj-1.0.0--alpha.0-5C5866?style=flat-square&labelColor=000000">
<img src="https://img.shields.io/badge/%E2%9C%A6Aj-1.0.0--alpha.0-ECE6F0?style=flat-square&labelColor=ECE6F0">
</picture>
</p>
## Disclaimer
[Arcjet][arcjet] helps developers protect their apps. Installed as an SDK, it
provides a set of core primitives such as rate limiting and bot protection.
These can be used independently or combined to create a set of layered defenses,
such as signup form protection.
This is beta software, the API of which is not yet finalized, nor is the record format. Any code written for this platform will have to be refactored once 1.0 is released, and records migrated. 1.0 is expected to be sometime in early September, 2018.
This is the [Arcjet][arcjet] TypeScript and JavaScript SDK core.
## Background
## Getting started
Most every current system has points of centralization. Even decentralized systems need interfaces to commonly centralized networks. These centralized networks are massive single points of failure. Failure of these systems would often result in widespread network outages and would be front-page news. This process of centralization would also result in the accumulation of wealth by centralized server operators to a degree that our civilization has never seen before.
Visit [docs.arcjet.com](https://docs.arcjet.com) to get started.
In an effort to move away from centralized systems, the Decentralized App, or "DApp" ecosystem was created. DApps were notoriously hard to develop, expensive to use, and presented a high barrier-to-entry to users.
Generally, you'll want to use the Arcjet SDK for your specific framework, such
as [`@arcjet/next`](../arcjet-next/README.md) for Next.js. However, this package
can be used to interact with Arcjet if your framework does not have an
integration.
Previous implementations of Distributed Hash Table\*, or DHT-based object stores were problematic in that they had the potential to result in eventual data loss of less popular data due to their focus on MRU (most-recently used) data. One thing that's important to acknowledge in any DApp ecosystem is that the utility of these decentralized systems is lost when data loss is a potential risk of using those networks. Since they are free to use, they don't provide any storage guarantees.
## Installation
After working with a few DHT-based networks, such as IPFS and Swarm, it was determined that current efforts are under-serving DApp developers, and a new approach might be warranted.
```shell
npm install -S arcjet
```
Arcjet is a DHT network written to incentivize operators to grow their systems as demand grows and as data gets stored long-term. Contracts are also meant to always be cheaper than traditional cloud storage operators.
## Example
The Arcjet Client runs the same algorithms used by the servers, compiled to WebAssembly thanks to developers on the Cyph project, and verifies all data it receives for veracity and integrity.
```ts
import http from "http";
import arcjet, { createRemoteClient, defaultBaseUrl } from "arcjet";
import { createConnectTransport } from "@connectrpc/connect-node";
It's important to note that, currently the Arcjet Network runs behind a Gateway Server that proxies all requests from networks that require the use of Internet Protocol and the Domain Name System. This is a point of centralization that is necessary for working with current browsers. It is our hope that browser vendors will work to establish interfaces to distributed systems like Arcjet so direct Peer-to-Peer connections are possible to serve requests to "Internet 3" traffic. This would result in truly Distributed Apps, not just Decentralized Apps, or the DApp 2.0.
const aj = arcjet({
key: "ajkey_mykey",
rules: [],
client: createRemoteClient({
transport: createConnectTransport({
baseUrl: defaultBaseUrl(),
httpVersion: "1.1",
}),
}),
});
\* A hash table is a means of storing and retrieving a data record by the hash of its data. A hash is a very large number that is a representation of that data produced by an algorithm that processes the data itself, that can consistently provide the same number given the same data, and a different number with different data. The result of a cryptographic hash cannot be predicted beforehand; it must be run over the data to retrieve it.
const server = http.createServer(async function (
req: http.IncomingMessage,
res: http.ServerResponse,
) {
// Construct an object with Arcjet request details
const details = {
ip: req.socket.remoteAddress,
};
A distributed hash table will associate a desired hash with a peer ID, so it knows who to ask for that data, allowing it to be spread amongst many different peers.
const decision = await aj.protect(details);
## Goals
if (decision.isDenied()) {
res.writeHead(403, { "Content-Type": "application/json" });
res.end(JSON.stringify({ error: "Forbidden" }));
} else {
res.writeHead(200, { "Content-Type": "application/json" });
res.end(JSON.stringify({ data: "Hello World!" }));
}
});
1. Provide a database that can be operated by anyone while DApp Owners can still trust the integrity of their data.
1. Allow Server Operators to build a robust network while running their servers on inexpensive consumer-grade hardware.
1. Provide a sufficiently distributed network with a high enough replication factor to prevent outages.
1. Track Server Operator contributions and periodically obligate DApp Owners to pay operators to incentivize growth of the network.
1. Reward serving least-recently used content to incentivize storage of older records and prevent data loss.
1. Use the latest in security advancements in order to future-proof the network, with security being just as important as performance.
1. Build towards full decentralization of the network while maintaining trust and the veracity of operator rewards.
1. Work with browser clients to fully decentralize internet traffic to DApps.
1. Maintain an optional content blacklist as a guideline to server operators to allow them to operate distributed networks safely.
1. Make useful tools that help DApp developers #BUIDL.
## Rationale
Arcjet is written in TypeScript so as to keep the project approachable to traditional web developers, instead of keeping the technology behind the locked doors of a class of benevolent techno-priests where only they are able to decipher and maintain the code for their users.
Arcjet doesn't use a centralized blockchain, in order to help provide for the scale desired. Minichains of records are created for each Owner Record. All data has an owner with a key, and that owner is expected to pay for that data. Users trusted by a site can have their data paid for on behalf of a Site Owner, if that Site Owner adopts Owner records associated with their owner parent record.
The Arcjet network means to solve a few problems in adversarial networks. However, there still exists a few problems with this approach, and this is the best we've been able to come up with so far. It's important and good to acknowledge the weaknesses of all solutions, including this one. Arcjet is meant to solve a few security problems with the techniques used, but there are still possible vulnerabilities that will be important to solve.
1. Birthday attacks - The idea behind the the Birthday attack is that if your hashes use too small a number, and are predictable enough, one could wind up with the same hash as another record and impersonate that record with something malicious. This is a truly hard problem of computer science. As with most security mechanisms, it's just helped by making it extremely difficult for attackers to perform by using fantastically large numbers. Maybe quantum computers will be a little better at solving these problems, but the difficulty of implementing a modern cryptographic hashing algorithm on quantum hardware, in addition to the fantastically large number, should make this very, very, difficult to do. Further, with a network of sufficient size, only a few users would be affected by Birthday attackers impersonating records.
1. DDoS attacks - A traditional DDoS is possible, as is the possibility to flood the network with garbage data. Hopefully risk of DDoS would be reduced as the network grows and peer-to-peer connections are made. Site Owners don't have as much to worry about DDoS as Server Operators, due to LRU pricing. If the network runs out of space, records can be freed at the end of the payment period after the next; if they're not paid for after two payment periods, they are removed and storage is freed.
1. Double-spend - Arcjet's version of double-spend is that currently our gateway server keeps track of all traffic through our server, allowing us to reward server operators and grow the network. A Server Operator, if operating their own gateway, could lie and say Site Owners owe them a zillion dollars, and hold a portion of their records hostage. If site operators could pick and choose who they paid, that'd also present a problem. One possible solution in a fully distributed network is for clients to make several requests for the same resource, and have Site Operators keep track of others' activities, using an operator's number of proven transactions as a means of preventing sybil attacks somehow. This could be called Proof of Transaction, and it's likely something that solveable and could be solved soon.
1. The Sybil-attack might be a problem, but it more falls into the above considerations, than just a traditional multiple-user attack. This network was designed to accommodate a large number of users, and no special privileges are given to users until they do work, such as serving a transaction, at which point, they wouldn't be that adversarial.
## Architecture
- TypeScript
- Browser and Server
- Browser & Server both verify SHA and MAC
- Event-Driven (Streaming)
## Protocol
- Linked Record "Minichains"
- Owner Record Public Key
## Data Format
Record format (tab-delimited)
```js
const record = [
ownerHash, // 64
parentHash, // 64
dataHash, // 128
encoding.padEnd(32, ' '), // 32
type.padEnd(32, ' '), // 32
tag.padEnd(32, ' '), // 32
signature, // 82256
data, // <1000000000 (1GB)
].join('\t')
const line = [recordHash, record].join('\t') + '\n'
server.listen(8000);
```
## Owner Records
## API
- Record Hash
- Owner ID - Points to an owner record hash, that contains a public key for that owner. That is a record used to begin a chain of records.
Reference documentation is available at [docs.arcjet.com][ts-sdk-docs].
## Find Records
## License
Arcjet finds records by keeping track of the most recent hash an record owner has contributed. This is then used to work backwards through all records that match the tag they've specified.
Licensed under the [Apache License, Version 2.0][apache-license].
Tag indexes will be added soon.
### Find by Owner & Tag
`/find/{64-character ownerHash}/{<=32-character tag}/{limit}/{skip}`
(limit and skip are optional; omit them if you want all records)
### Find by Data Hash
`/find/{64-character ownerHash}/{128-character dataHash}`
## Roadmap
- Fixed to UTF-8 encoding for now. Add encodings and mimetypes.
- More event-driven / stream features
- Image resizing
## License
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Farcjet%2Farcjet.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Farcjet%2Farcjet?ref=badge_large)
[arcjet]: https://arcjet.com
[ts-sdk-docs]: https://docs.arcjet.com/reference/ts-js
[apache-license]: http://www.apache.org/licenses/LICENSE-2.0
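Review bot: The new example passes `key: "ajkey_mykey"` as a string literal in source, a pattern readers will copy with a real key; have the example read the key from the environment or a secret store instead. In the same example, `ip: req.socket.remoteAddress` can be `undefined`, and behind a reverse proxy or load balancer it is the proxy's address rather than the client's, so every client would be evaluated as one IP; handle the missing value before `aj.protect(details)` and add a comment about proxied deployments. The example also sets `rules: []`, so it demonstrates none of the rate limiting or bot protection primitives the introduction names. Separately, the removed Disclaimer, Rationale and Data Format sections described a DHT datastore, and the new text carries no note that versions up to 0.5.1 were that unrelated project.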

Sorry, the diff of this file is not supported yet
