Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Deterministic event-sourced state and side effect handling for blockchain applications
Demux is a backend infrastructure pattern for sourcing blockchain events to deterministically update queryable datastores and trigger side effects. This library serves as a reference implementation of that pattern for use with Node applications.
# Using yarn
yarn add demux
# Using npm
npm install demux --save
Taking inspiration from the Flux Architecture pattern and Redux, Demux was born out of the following qualifications:
Storing data in indexed state on blockchains can be useful for three reasons: decentralized consensus of computation results, usage of state from within other blockchain computations, and for retrieval of state for use in client front-ends. When building more complicated front-ends, you run into a few problems when retrieving directly from indexed blockchain state:
Demux solves these problems by off-loading queries to any persistence layer that you want. As blockchain events happen, your chosen persistence layer is updated by updater
functions, which deterministically process an array of Action
objects. The persistence layer can then be queried by your front-end through a suitable API (for example, REST or GraphQL).
This means that we can separate our concerns: for data that needs decentralized consensus of computation or access from other blockchain events, we can still store the data in indexed blockchain state, without having to worry about tailoring to front-end queries. For data required by our front-end, we can pre-process and index data in a way that makes it easy for it to be queried, in a horizontally scalable persistence layer of our choice. The end result is that both systems can serve their purpose more effectively.
Since we have a system for acting upon specific blockchain events deterministically, we can utilize this system to manage non-deterministic events as well. These effect
functions work almost exactly the same as updater
functions, except they run asynchronously, are not run during replays, and modifying the deterministic datastore is off-limits. Examples include: signing and broadcasting a transaction, sending an email, and initiating a traditional fiat payment.
There are other solutions to the above problems that involve legacy persistence layers that are their own sources of truth. By deriving all state from the blockchain, however, we gain the following benefits:
Repository | Description |
---|---|
EOSIO / demux-js-eos * | Action Reader implementations for EOSIO blockchains |
EOSIO / demux-js-postgres * | Action Handler implementation for Postgres databases |
Zapata / demux-js-bitshares | Action Reader implementations for BitShares blockchain |
* Officially supported by Block.one
To get your project listed, add it here and submit a PR!
This library provides the following classes:
AbstractActionReader
: Abstract class used for implementing your own Action Readers
AbstractActionHandler
: Abstract class used for implementing your own Action Handlers
BaseActionWatcher
: Base class that implements a ready-to-use Action Watcher
ExpressActionWatcher
: Exposes the API methods from the BaseActionWatcher through an Express server
In order to process actions, we need the following things:
AbstractActionReader
AbstractActionHandler
HandlerVersion
, which contain Updater
and Effect
arraysAfter we have these things, we need to:
AbstractActionReader
with any needed configurationAbstractActionHandler
, passing in the HandlerVersion
and any other needed configurationBaseActionWatcher
(or a subclass), passing in the Action Handler and Action Watcher instanceswatch()
method (by either calling it directly or otherwise)const { BaseActionWatcher, ExpressActionWatcher } = require("demux")
const { MyActionReader } = require("./MyActionReader")
const { MyActionHandler } = require("./MyActionHandler")
const { handlerVersions } = require("./handlerVersions")
const { readerConfig, handlerConfig, pollInterval, portNumber } = require("./config")
const actionReader = new MyActionReader(readerConfig)
const actioHandler = new MyActionHandler(handlerVersions, handlerConfig)
Then, either
const watcher = new BaseActionWatcher(
actionReader,
actionHandler,
pollInterval,
)
watcher.watch()
Or,
const expressWatcher = new ExpressActionWatcher(
actionReader,
actionHandler,
pollInterval,
portNumber,
)
expressWatcher.listen()
// You can then make a POST request to `/start` on your configured endpoint
FAQs
Deterministic event-sourced state and side effect handling for blockchain applications
We found that demux demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.