Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
dcp
- Dat CopyRemote file copy, powered by the Dat protocol.
dcp
copies files between hosts on a network using the peer-to-peer Dat network. dcp
can be seen as an alternative to tools like scp
, removing the need to configure SSH access between hosts. This lets you transfer files between two remote hosts, without you needing to worry about the specifics of how said hosts reach each other and regardless of whether hosts are behind NATs.
dcp
requires zero configuration and is secure, fast, and peer-to-peer.
WARNING - this is not production-ready software. Use at your own risk
dcp
worksdcp
will create a dat archive for a specified set of files or directories and, using the generated public key, lets you download said archive from other hosts. Any data shared over the network is encrypted using the public key of the archive, meaning data access is limited to those who have access to said key. For more information on how Dat works, you can browse the docs or read their whitepaper.
dcp
is designed to have an API that is more reminiscent of scp
and rsync
. The standard cli dat
program requires the additional mental overhead of understanding how the underlying Dat protocol works. dat
forces you to share a single whole folder, whilst with dcp
you can copy an arbitrary set of paths. dat
also pollutes the filesystem with metadata files, whereas with dcp
these are kept in-memory instead.
You can expect dcp
to transfer at a similar speed to both rsync
and scp
.
Here's a benchmark for moving a 396.12MB file from my personal computer to a remote server over my 50mpbs connection.
Method | Time |
---|---|
rsync | 1m07s |
scp | 1m07s |
dcp | 1m10s |
npm i -g dat-cp
Alternatively, packaged binaries are available on the releases page. These bundle all dependencies into a single standalone binary.
Simply extract the zip and move the dcp[.exe]
binary to a folder in your path, e.g. /usr/local/bin
.
Usage: dcp [options] {files ... | key}
Dat Copy - remote file copy, powered by the dat protocol.
Options:
-V, --version output the version number
-r, --recursive recursively copy directories
-n, --dry-run show what files would have been copied
--skip-prompt automatically download without a prompt
-v, --verbose verbose mode - prints extra debugging messages
-h, --help output usage information
Example:
Send files from host A:
> dcp foo.txt bar.txt
Receive files on host B:
> dcp <generated public key>
Pass an arbitrary set of files or directories to dcp
to be copied. Copy the generated public key and use it to receive the files on a different host.
> dcp [-r] [-n] [-v] files ...
-n
/--dry-run
to see what files will be sent-r
/--recursive
to recursively copy files within directories-v
/--verbose
to print extra debugging informationInvoke dcp
with the generated public key to receive the copied files.
> dcp [-n] [-v] [--skip-prompt] <generated public key>
-n
/--dry-run
to see what files will be received-v
/--verbose
to print extra debugging information--skip-prompt
to skip the download promptInstall dependencies:
npm i
Run the tests:
npm t
Test the CLI executable
npm run cli -- foo.txt -v
Note the --
preceding the arguments.
FAQs
Dat Copy - remote file copy, powered by the dat protocol
The npm package dat-cp receives a total of 2 weekly downloads. As such, dat-cp popularity was classified as not popular.
We found that dat-cp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.