Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
An node.js implementation of devp2p's Distrubuted Peer Table. A DPT is like DHT but just stores peering info.
npm install devp2p-dpt
For a basic example see example/
new DPT(options)
Create a New DPT with the following options
-options
secretKey
- a 32 byte Buffer
from which the pubic key is derivedtimeout
- an Interger specifing the wait period in milliseconds to wait for peers to respondport
- the port external port that this peer is listening to. If not specifed the port that is used in bound
will be usedaddress
- the external address that this peer is listening to. if not specifed the port that is used in bound
will be usedDPT
methodsdpt.bind(port, address, [cb])
Binds the port
port
address
cb
the callbackdpt.close([cb])
Unbinds the port
dpt.bootstrap(introPeers, [cb])
Bootstraps the DPT given an array of peers to connect to.
introPeers
- an Array
of peers to try to connect to. They should be objects in following format.{
address: String
port: Number
}
dpt.refresh()
Refreshes the nodes and searches for new nodes
DPT
eventsThe DPT object inherits from Events.EventEmitter and emits the following events.
ping
- Fires when receiving a Ping. Provides a parsed ping packets and the peer it came frompong
- Fires when receiving a pong. Provides a parsed ping packets and the peer it came fromfindNode
- Fires when receiving a findNode. Provides a parsed ping packets and the peer it came fromneighbors
- Fires when receiving a neighbors. Provides a parsed ping packets and the peer it came fromerror
- Provides and error messagePatches welcome! Contributors are listed in the package.json
file.
Please run the tests before opening a pull request and make sure that you are
passing all of them.
If you would like to contribute, but don't know what to work on, check the issues list or ask on the forms or on IRC.
When you find issues, please report them:
You can also look for null_radix in #ethereum-dev on irc://irc.freenode.net.
GPL3
FAQs
An implemention of ethereum's DHT
We found that devp2p-dpt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.