Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Suck a DAG out of a peer in the IPFS network.
npm i dagula
import * as Dagula from 'dagula/p2p.js'
const libp2p = await Dagula.getLibp2p()
const peer = '/dns4/elastic.dag.house/tcp/443/wss/p2p/bafzbeibhqavlasjc7dvbiopygwncnrtvjd2xmryk5laib7zyjor6kf3avm'
const dagula = await Dagula.fromNetwork(libp2p, { peer })
// fetch entire DAG
const cid = 'bafybeig4qjehigdddcoka23crh2s3vrautbep3topuoqblb4chkvvhpilu'
for await (const block of dagula.get(cid)) {
console.log(`${block.cid} (${block.bytes.length} bytes)`)
}
// fetch a file/directory
const path = 'bafybeiggvykl7skb2ndlmacg2k5modvudocffxjesexlod2pfvg5yhwrqm/2998.png'
for await (const entry of dagula.getUnixfs(path)) {
console.log(`${entry.path} (${entry.size} bytes)`)
// note: use `entry.content()` to get file data
}
# fetch a complete DAG (output format is CAR)
dagula get bafybeidtzj4g33h4d76nfyznjfcejyigejrjpqfzm6ydapuhd26asjg5re > output.car
# fetch a UnixFS file
dagula unixfs get bafybeidtzj4g33h4d76nfyznjfcejyigejrjpqfzm6ydapuhd26asjg5re/path/to/data.txt
# fetch a specific block
dagula block get bafybeidtzj4g33h4d76nfyznjfcejyigejrjpqfzm6ydapuhd26asjg5re
# configure peer to use
dagula peer set /dns4/elastic.dag.house/tcp/443/ws/p2p/bafzbeibhqavlasjc7dvbiopygwncnrtvjd2xmryk5laib7zyjor6kf3avm
Feel free to join in. All welcome. Open an issue!
Dual-licensed under MIT + Apache 2.0
FAQs
Suck a DAG out of a peer in the IPFS network.
The npm package dagula receives a total of 8 weekly downloads. As such, dagula popularity was classified as not popular.
We found that dagula demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.