Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
bsocial-junglebus
Advanced tools
Bitcoin Social (BitcoinSchema) transaction indexer
bSocial-junglebus is a Bitbus compatible Bitcoin Social indexer. It scans all MAP compatible transactions and processes them into a global bSocial state using JungleBus.
There are other ways to index bSocial transaction, for instance with bmap-planaria. The difference is that bSocial is optimized for the bitcoin social networking features and is less generic than bmap-planaria.
npm install -g bsocial-junglebus
Set the environment variables. You must at least set the JungleBus subscription id.
export BSOCIAL_SUBSCRIPTION_ID=""
And optionally overwrite the defaults for the database:
export BSOCIAL_MONGO_URL="mongodb://localhost:27017/bsocial-junglebus"
Indexing bSocial blocks can now be done by running
bsocial-junglebus
The arguments to the bsocial-junglebus cli are:
arg | Description |
---|---|
-s <subscription id> | JungleBus subscription id |
git clone https://github.com/icellan/bsocial-junglebus.git
bsocial-junglebus can run either with settings from a config file (config.json
) or from environment variables.
config.json
{
"subscriptionId": "...",
"mongoUrl": "mongodb://..."
}
environment
export BSOCIAL_SUBSCRIPTION_ID="..."
export BSOCIAL_MONGO_URL="mongo://..."
export BSOCIAL_DEBUG=""
export BSOCIAL_VERBOSE=1
export BSOCIAL_BITFS_STORE=1
export BSOCIAL_BITFS_MAX_LENGTH=10000
To run the indexer in watch mode, which also indexes all transactions in the mempool:
./start.sh
yarn test
or
yarn testwatch
npm install bsocial-junglebus
or
yarn add bsocial-junglebus
Make sure you set the environment variables before running any scripts:
export BSOCIAL_SUBSCRIPTION_ID = '<junglebus subscription id>';
export BSOCIAL_MONGO_URL = 'mongodb://localhost:27017/bsocial-junglebus';
Index all mined transactions + listen to the mempool:
import { watchBSocialTransactions } from 'bsocial-junglebus/dist';
(async function() {
await watchBSocialTransactions();
})();
There are also hooks available on all the BSocial collections, which you can use to do your own processing when a transaction comes in.
import { watchBSocialTransactions } from 'bsocial-junglebus/dist/watch';
import { BSOCIAL } from 'bsocial-junglebus/dist/schemas/bsocial';
import { LIKES } from 'bsocial-junglebus/dist/schemas/likes';
// BSocial contains the raw posts in bmap format
BSOCIAL.after('insert', async (doc) => {
// do something with the doc after insert
});
// The LIKES collection contains the like referenced to the tx and idKey
LIKES.before('insert', async(doc) => {
// do something with the doc before insert
// the modified doc is what will be inserted
});
(async function() {
await watchBSocialTransactions();
})();
Make sure babel is set up properly or that es6 is supported by your own package.
FAQs
Bitcoin Social indexer to MongoDB
We found that bsocial-junglebus demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.