Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
install go-ipfs from npm
Install the latest go-ipfs binary:
# Install globally
> npm install -g go-ipfs
> ipfs version
ipfs version v0.7.0
# Install locally
> npm install go-ipfs
> ./node_modules/.bin/ipfs
ipfs version v0.7.0
This module downloads go-ipfs
binaries from https://dist.ipfs.io into your project.
It will download the go-ipfs version that matches the npm version of this module. So depending on go-ipfs@0.7.0
will install go-ipfs v0.7.0
for your current system architecture, in to your project at node_modules/go-ipfs/go-ipfs/ipfs
and additional symlink to it at node_modules/go-ipfs/bin/ipfs
.
After downloading you can find out the path of the installed binary by calling the path
function exported by this module:
const { path } = require('go-ipfs')
console.info('go-ipfs is installed at', path())
An error will be thrown if the path to the binary cannot be resolved.
Downloaded archives are placed in OS-specific cache directory which can be customized by setting NPM_GO_IPFS_CACHE
in env.
Warning: the file bin/ipfs
is a placeholder, when downloading stuff, it gets replaced. so if you run node install.js
it will then be dirty in the git repo. Do not commit this file, as then you would be commiting a big binary and publishing it to npm. A pre-commit hook exists and should protect against this, but better safe than sorry.
You should be able to just run ./publish.sh
for example:
> ./publish.sh
usage ./publish.sh <version>
publish a version of go-ipfs to npm
> ./publish.sh 0.3.11
This will:
bin/ipfs
is right (must be the checked in file)package.json
and README.md
git commit
the changesgo-ipfs@$version
to https://npmjs.com/package/go-ipfsOpen an issue in the repo if you run into trouble.
If some problem happens, and you need to publish a new version of this module targetting the same go-ipfs version, then please follow this convention:
<go-ipfs-version>
<go-ipfs-version>-hacky<num>
Why do this?
Well, if you previously published npm module go-ipfs@0.4.0
and there was a problem, we now must publish a different version, but we want to keep the version number the same. so the strategy is to publish as go-ipfs@0.4.0-hacky1
, and unpublish go-ipfs@0.4.0
.
Why
-hacky<num>
?
Because it is unlikely to be a legitimate go-ipfs version, and we want to support go-ipfs versions like floodsub-1
etc.
Do i have to say
-hacky<num>
or can i just use-<num>
?
-<num>
won't work, as link-ipfs.js expects -hacky<num>
. If you want to
change the convention, go for it, and update this readme accordingly.
Feel free to join in. All welcome. Open an issue!
This repository falls under the IPFS Code of Conduct.
FAQs
Install the latest go-ipfs binary
We found that go-ipfs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.