Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
██████ ██ ██ ███████ ███████ ███████ ██████ ███████ ██ ███ ██ ██ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ ██ ██ ██
██████ ██ ██ █████ █████ █████ ██████ ███████ ██ ██ ██ ██ █████
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
██████ ██████ ██ ██ ███████ ██ ██ ███████ ██ ██ ████ ██ ██
AssemblyScript - v1.0.1
About
This library provides a centralized buffer for managing memory in AssemblyScript. It keeps track of a single buffer, the current offset, and handles allocations. Using a singular buffer essentially eliminates the need for any calls to memory.copy() as well as any malloc() or realloc()-type calls. Highly unsafe, but extremely useful for extraordinarily high-performance scenarios.
This library is what makes as-json operate in the multi-gigabyte-per-second ranges
To take a look at some practical uses of as-bs, check out the functions here
Installation
npm install as-bs
🚨 IMPORTANT 🚨
To make sure we all depend on the same version of as-bs, please modify your package.json to meet the following
Forgoing this will result in fragmentation and just a lot of problems.
"dependencies": {
"as-bs": "latest"
}
Usage
Here's an example taken out of as-json
This is an example of as-bs used right
import { bs } from "as-bs";
function serializeString(src: string): string {
const srcSize = bytes(src);
bs.ensureSize(srcSize + 4);
let srcPtr = changetype<usize>(src);
const srcEnd = srcPtr + srcSize;
store<u16>(bs.offset, QUOTE);
bs.offset += 2;
let lastPtr: i32 = srcPtr;
while (srcPtr < srcEnd) {
const code = load<u16>(srcPtr);
if (code == 34 || code == 92 || code < 32) {
const remBytes = srcPtr - lastPtr;
memory.copy(bs.offset, lastPtr, remBytes);
bs.offset += remBytes;
const escaped = load<u32>(SERIALIZE_ESCAPE_TABLE + (code << 2));
if ((escaped & 0xffff) != BACK_SLASH) {
bs.ensureCapacity(12);
store<u64>(bs.offset, 13511005048209500, 0);
store<u32>(bs.offset, escaped, 8);
bs.offset += 12;
} else {
bs.ensureCapacity(4);
store<u32>(bs.offset, escaped, 0);
bs.offset += 4;
}
lastPtr = srcPtr + 2;
}
srcPtr += 2;
}
const remBytes = srcEnd - lastPtr;
memory.copy(bs.offset, lastPtr, remBytes);
bs.offset += remBytes;
store<u16>(bs.offset, QUOTE);
bs.offset += 2;
return bs.out<string>();
}
If you use this project in your codebase, consider dropping a star. I would really appreciate it!
Issues
Please submit an issue to https://github.com/JairusSW/as-bs/issues if you find anything wrong with this library
Keywords
FAQs
Near zero-alloc centralized buffer for high performance applications
We found that as-bs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 07 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025