Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
p2p transport helpers, daemon and cli for git based on holepunch/hypercore stack
CLI, Daemon and Remote helper for git. It is based on holepunch for networking and data sharing.
gitpear creates local bare repository in application directory (default ~/.gitpear/<repository name>
), adds it as a git remote in corresponding repository with name pear
. So just like in traditional flow doing git push origin
, here we do git push pear
. Upon each push gitpear regenerates pack files that are shared in ephemeral hyperdrive.
To enable clone or fetch or pull using git <clone|fetch|pull> pear:<public key>/<repo name>
. It implements git remote helper that uses hyperswarm for networking in order to directly connect to peer. After connection is initialized it sends RPC request to retrieve list of repositories, clone corresponding pack files and unpack them locally.
It is necessary for corresponding binaries to be in $PATH
, thus gitpear needs to be installed globally.
NOTE: application home directory will be created in ~/.gitpear
- this may require sudo
.
git clone git@github.com:dzdidi/gitpear.git
cd gitpear
npm install
npm link
git clone git@github.com:dzdidi/gitpear.git
cd gitpear
npm install
npm nix
See ./result
- for binaries build by nix. To make the available add to path by running PATH="${PATH:+${PATH}:}${PWD}/result/bin/"
All data will be persisted in application directory (default ~/.gitpear
). To change it. Provide environment variable GIT_PEAR
git pear daemon <-s, --start | -k, --stop>
- start or stop daemon
git pear key
- print out public key. Share it with your peers so that they can do git pull pear:<public key>/<repo name>
git pear init [-s, --share] <path>
- It will create bare repository of the same name in application directory (default ~/.gitpear/). It will add git remote in current repository with name pear
. So just like in traditional flow doing git push orign
, here we do git push pear
. By default repository will not be shared. To enable sharing provide -s
or call gitpear share <path>
later
git pear share <path>
- makes repository sharable
git pear unshare <path>
- stop sharing repository
git pear list [-s, --shared]
- list all or (only shared) repositories
Please not this is only remote helper and its intention is only to enable direct clone|fetch|pull
of repository hosted on private computer.
Collaboration is possible however with the following flow between Alice and Bob in a pure peer-to-peer manner of git.
cd Repo
git pear init -s
git pear list
# outputs:
# Repo pear://<Alice public key>/Repo
git clone pear://<Alice public key>/Repo
cd Repo
git pear init -s
git checkout -b feature
# implement feature
git commit -m 'done'
git push pear feature
git pear list
# outputs:
# Repo pear://<Bob public key>/Repo
git checkout master
git remote add bob pear://<Bob public key>/Repo
git fetch bob
git pull
git merge feature
git push pear master
git checkout master
git fetch origin
git pull
FAQs
p2p transport helpers, daemon and cli for git based on holepunch/hypercore stack
The npm package gitpear receives a total of 3 weekly downloads. As such, gitpear popularity was classified as not popular.
We found that gitpear demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.