Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Specification for BIPF (Binary In-Place Format). A binary format designed for in-place (without parsing) reads, with schemaless json-like semantics.
Data are type-length-value (TLV) encoded in BIPF. The type and length are packed into a varint called tag. The type is stored in the lowest 3 bits, and the length the higher bits.
Since a varint can store values up to 128 bits in a single byte, values less than 16 bytes long have a one byte tag, and values up to 8k long have a two byte tag, values up to 1048576 bytes have a 3 byte tag, and so on. See varints in protobuf for more information.
<tag: varint(encoding_length(value) << 3 | type)><value>
The type indicates the encoding of the value.
Valid types are:
STRING : 0 (000) // utf8 encoded string
BUFFER : 1 (001) // raw binary buffer
INT : 2 (010) // little endian 32 bit integer
DOUBLE : 3 (011) // little endian 64 bit float
ARRAY : 4 (100) // sequence of any other value
OBJECT : 5 (101) // sequence of alternating bipf encoded key and value
BOOLNULL: 6 (110) // 1 = true, 0 = false, no value means null
EXTENDED: 7 (111) // custom type. Specific type should be indicated by varint at start of buffer
This repo contains a fixtures.json
with different examples. The json
and binary (bipf) values are hex encoded buffers.
For a detailed motivation, please refer to: https://github.com/ssbc/bipf#motivation.
FAQs
binary in-place format specification
The npm package bipf-spec receives a total of 0 weekly downloads. As such, bipf-spec popularity was classified as not popular.
We found that bipf-spec demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.