Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
dcp-service-worker
Advanced tools
This is the official Node DCP Service Worker implementation for DCP, the Distributed Compute Protocol. This code implements a DCP Worker which is intended to be executed as a system service, eg. via systemctl under Linux, run as a Windows Service, etc.
Note that, in order to run this DCP Worker, you also need a DCP Evaluator; we use a completely separate build process, unrelated to NodeJS and NPM, to create our evaluators for security reasons. Our native evaluator embeds Google's V8 JavaScript engine directly; this evaluator hosts the sandbox which executes DCP workload.
You can find a complete package for Linux, including Evaluator binaries at https://archive.distributed.computer/releases/, and documentation at https://docs.distributed.computer/worker/readme.html. If you are a developer who is interested in porting the Evaluator to your own platform, please contact us and we will grant you early access to the MIT-licensed source code. The build is CMake with GN and largely based around V8.
Date | Author | Change |
---|---|---|
Mar 29 2021 | Wes Garland | Early Developer Preview Release |
DCP is currently (May 2020) in testing for a limited set of developers under our Early Developer Preview program. If you would like to be part of our First Dev cohort, visit https://dcp.dev/ and sign up!
Other utilities for developers working with DCP can be retrieved via npm, and include:
dcp-client
- the official client library for DCP, the Distributed Compute Protocoldcp-util
- a series of utilities for working with DCP; manipulate keystores, cancel jobs, etc.niim
- a command-line debugger for NodeJS (fork of node-inspect) which can debug DCP programs (passphrase prompts cause problems with node-inspect mainline)A NodeJS daemon which
A NodeJS daemon which
A user-facing web application which allows or enables
A JavaScript program which includes a Supervisor and one or more Sandboxes
A component of a Worker, used to execute arbitrary JavaScript code in a secure environment. Currently implemented by the DistributedWorker class (whose name will change some day). Generally speaking, we use one Sandbox per CPU core, although we might use more in order to work around system scheduler deficiencies, network overhead, etc. Sandboxes in the web browser are implemented using window.Worker().
The component of a Worker which communicates with the Scheduler and Sandboxen.
The collection consisting of an input set, Work Function and result setup. Referred to in early versions of the Compute API (incorrectly) as a Generator.
A unit of work, represented as source code plus data and meta data, which has a single entry point and return type. Each Slice in a Job corresponds to exactly one element in the Job's input set.
A unit of work which is composed of one or more slices, which can be executed by a single worker. Each Slice of each Task will be from the same Job.
A function which is executed once per Slice for a given Job, accepting the input datum and returning a result which is added to the result set.
A unit of source code which can be used by, but addressed independently of, a Work Function. Compute API modules are similar to CommonJS modules.
A group of related modules
A parallel supercomputer consisting of one or more schedulers and workers. When used as a proper noun, the distributed computer being discussed is the one hosted at https://portal.distributed.computer/
A ledger which acts a repository for DCC which is not on the block chain. The Bank can move DCC between Bank Accounts much more quickly than it can move DCC between Addresses on the Ethereum block chain network. Meta data attached to bank accounts can restrict certain operations, such as ear-marking funds for use only by job deployment.
A unique identifier in DCP which can be used as a Bank Account identifier (account number) or Address on the Ethereum network.
In the general (blockchain) sense, a wallet is a piece of software that allows the user to interact with the greater economy as a whole. So as your actual wallet in your pocket has your cash and credit cards and you access your wallet in order to make a purchase and keep records (by pulling out cash or cards, and stuffing receipts back in), a blockchain wallet performs a similar function in that it gives you a place to store your private keys (your money), it provides a balance of what all those moneys add up to, it provides a way to receive moneys and send moneys, and provides a record of all those sends and receives. Most blockchain wallets provide at least 3 basic functions
Additionally, most of the current crypto wallets (such as Bitcoin core) provide blockchain validation and consensus functions in that they can act to create or validate new blocks to the chain in addition to creating or validating transactions.
The Distributed.Computer acts as a Wallet; the platform exposes Wallet-related functionality both via software APIs and the portal web site.
A data structure which stores an encrypted key pair (address + private key). Generally speaking, the keystore will be encrypted with a passphrase.
A file which stores a JSON-encoded Keystore.
FAQs
DCP Service Worker
The npm package dcp-service-worker receives a total of 2 weekly downloads. As such, dcp-service-worker popularity was classified as not popular.
We found that dcp-service-worker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.