
git-remote-ipfs-mam
Git remote that publishes to IPFS and broadcasts updates to the IOTA tangle.
Push and fetch commits to IPFS. Updates are broadcast to the IOTA tangle where others may retrieve the most recent version.
npm install --global git-remote-ipfs+mam
git push ipfs+mam:: --tags # you can't push all and tags at the same time
git push ipfs+mam:: --all
Push master with tags and get an IPFS CID back:
git push --tags ipfs+mam:: master
git pull ipfs::Qma5iwyvJqxzHqCT9aqyc7dxZXXGoDeSUyPYFqkCWGJw92
git clone ipfs::Qma5iwyvJqxzHqCT9aqyc7dxZXXGoDeSUyPYFqkCWGJw92 repo
IGIS_DEBUG=t git push ipfs::
This program is an extension of git-remote-ipfs. For information about the IPFS file structure, see that repository.
In IOTA, it is possible to write to any address. A Masked Authentication Message (MAM) channel is formed by including in each published message the next address that will be used.
When a repository is published, this remote publishes a signed JSON Linked Data (JSON-LD) object to the MAM channel of the format:
{
  '@context': {
    schema: 'http://schema.org/',
    action: 'schema:action',
    agent: 'schema:name',
    repository: 'schema:url',
    publisher: 'schema:url',
    next_root: 'schema:url',
    published_at: 'schema:datetime',
  },
  action: 'RepositoryUpdate',
  repository: 'ipfs://QmThisIsTheCIDOfTheRepo',
  publisher: 'did:key:zABase58EncodedED25519Key',
  next_root: `iota://NEXT9TANGLE9ADDRESS9IN9THE9MAM9TREE:TAG9FROM9REPO9UUID`,
  agent: 'git-remote-ipfs+mam',
  published_at: new Date(),
  'https://w3id.org/security#proof': {…}
}
Additionally, a signed JSON-LD object is published to the tangle address 99IPFS9MAM9CHNL9LINK9VA99${multicodec_of_repo_cid} of the format:
{
  '@context': {
    schema: 'http://schema.org/',
    action: 'schema:action',
    agent: 'schema:name',
    publisher: 'schema:url',
    bundle: 'schema:url',
    published_at: 'schema:datetime',
  },
  action: 'MAMLink',
  publisher: 'did:key:zABase58EncodedED25519Key',
  bundle: `iota:bundle://IOTA9BUNDLE9HASH9In9MAM9TREE`,
  agent: 'git-remote-ipfs+mam',
  published_at: new Date(),
  'https://w3id.org/security#proof': {…}
}
If a different remote is asked to clone from that CID, it can check that address and get the bundle hash of a message in the channel. The publisher field is also present in the IPFS repository, so the user is able to verify the signatures (and differentiate between genuine messages and those inserted by an attacker).
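One way a client could apply this check to the messages found at the world-writable link address, as an added example that is not part of the project's code. The page elides the proof object, so this assumes a plain Ed25519 signature over four fields, stored in a hypothetical signatureValue field (a real JSON-LD proof canonicalizes the document first); the function names and sample bundle values are constructed for illustration.

```javascript
// Added example, not the project's code. ASSUMPTION: the proof is a base64 Ed25519 signature in a
// hypothetical `signatureValue` field over signedBytes(); the page elides the real JSON-LD proof.
const crypto = require('node:crypto');
const PROOF = 'https://w3id.org/security#proof';
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const SPKI = Buffer.from('302a300506032b6570032100', 'hex'); // DER prefix of an Ed25519 public key
function b58encode(buf) {
  let n = BigInt('0x' + buf.toString('hex')), s = '';
  while (n > 0n) { s = B58[Number(n % 58n)] + s; n /= 58n; }
  return s;
}
function b58decode(str) {
  const n = [...str].reduce((acc, c) => {
    if (!B58.includes(c)) throw new Error('invalid base58 character');
    return acc * 58n + BigInt(B58.indexOf(c));
  }, 0n);
  const hex = n.toString(16);
  return Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
}
function didFromKey(pub) { // did:key = 'z' + base58btc(0xed 0x01 || 32-byte Ed25519 key)
  const raw = pub.export({ format: 'der', type: 'spki' }).subarray(SPKI.length);
  return 'did:key:z' + b58encode(Buffer.concat([Buffer.from([0xed, 0x01]), raw]));
}
function keyFromDid(did) {
  const raw = did.startsWith('did:key:z') ? b58decode(did.slice(9)) : Buffer.alloc(0);
  if (raw.length !== 34 || raw[0] !== 0xed || raw[1] !== 0x01) throw new Error('not an Ed25519 did:key');
  return crypto.createPublicKey({ key: Buffer.concat([SPKI, raw.subarray(2)]), format: 'der', type: 'spki' });
}
const signedBytes = m => Buffer.from(JSON.stringify([m.action, m.publisher, m.bundle, m.published_at]));
const sign = (body, priv) => ({ ...body,
  [PROOF]: { signatureValue: crypto.sign(null, signedBytes(body), priv).toString('base64') } });
function genuineLinks(messages, trustedPublisher) { // publisher must match AND proof must verify
  const key = keyFromDid(trustedPublisher);
  return messages.filter(m => {
    const sig = m[PROOF] && m[PROOF].signatureValue;
    return m.action === 'MAMLink' && m.publisher === trustedPublisher && typeof sig === 'string' &&
      crypto.verify(null, signedBytes(m), key, Buffer.from(sig, 'base64'));
  });
}
// Constructed sample: one genuine message plus three written to the same address by another party.
const owner = crypto.generateKeyPairSync('ed25519'), attacker = crypto.generateKeyPairSync('ed25519');
const ownerDid = didFromKey(owner.publicKey);
const base = { action: 'MAMLink', publisher: ownerDid, bundle: 'iota:bundle://GENUINE9HASH', published_at: '2020-01-01T00:00:00Z' };
const good = sign(base, owner.privateKey);
const inbox = [good,
  sign({ ...base, publisher: didFromKey(attacker.publicKey), bundle: 'iota:bundle://OTHER9A' }, attacker.privateKey),
  sign({ ...base, bundle: 'iota:bundle://OTHER9B' }, attacker.privateKey), // names owner, signed with another key
  { ...good, bundle: 'iota:bundle://OTHER9C' }];                            // owner's proof, altered body
console.log(genuineLinks(inbox, ownerDid).map(m => m.bundle));
```

The trusted publisher passed to genuineLinks must come from the IPFS repository itself, not from the messages being filtered; otherwise a correctly self-signed message from another key would pass.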
MIT
FAQs
We found that git-remote-ipfs-mam demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.