Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
IPC-Link is a mini-framework for node-ipc that is fully compatible with TypeScript (and in a near future, ECMAScript Modules). It is designed to have "connection channels" where two processes send data back and forth.
This framework has a queue system that holds Promise
s temporarily until the message has been replied back, and depending on the variable success
, it may or may not reject said Promise.
You can check examples here.
Process One:
const { Server } = require('../../src/index');
console.log('Spawned test-one!');
new Server('test-one', { retry: 1500, silent: true })
.on('message', console.log)
.on('error', console.error)
.once('start', (reason) => { console.log('Successfully started!', reason); })
.start('Login!');
.send('test-two', { content: 'Hello' })
.then(console.log)
.catch(console.error);
Proccess Two:
const { Server } = require('../../src/index');
console.log('Spawned test-two!');
new Server('test-two', { retry: 1500, silent: true })
.on('message', message => { message.reply({ response: `${message.data.content} world!` }); })
.on('error', console.error)
.once('start', (reason) => { console.log('Successfully started!', reason); })
.start('Login!');
Process One will send Process Two an object with content Hello
, Process Two receives back and replies it with Hello
(content sent by the first process) and sends another object with response: 'Hello world!'
to Process One. Evaluating .send('test-two', { content: 'Hello' })
to Promise<{ id, success: true, response: 'Hello World' }>
, which is logged to console.
It is important that you have a single IPCLink.Server
instance because node-ipc
is basically a singleton, and creating multiple instances of this may duplicate messages or corrupt the configuration. In a near future, node-ipc
may get rewritten in a fork or in a backends/
folder in this repository for further support with latest versions of Node.js (new Buffer()
is being used, which is deprecated starting from Node.js 10).
Proccess One
server
be the result of evaluating new Server(name, options);
.message
event being listened in server
.server.start();
has already been called.socketName
be a string, e.g. 'world'
.data
be an object literal, e.g. { test: 'Hello ' }
.server.send(socketName, data);
.senderSocket
be the Socket instance from this process.hasSocket
be the result of evaluating server.hasSocket(name);
.hasSocket
is true
, skip to the next point. Otherwise,
server.connectTo
and await its evaluation.socket
be the result of evaluating server.getSocket(name);
.
IPCSocketCollection
be an object of NodeIPC.Server
s.IPCSocketServer
be the result of accessing to the property name
of IPCSocketCollection
.IPCSocketServer
is undefined
, let socket
be null
. Otherwise
socket
be IPCSocketServer.socket
, being this a Socket instance.data
has a property of id
, let id
be data.id
. Otherwise let id
be a random base36 number generated automatically.preparedData
be an object where:
id
refers to id
.sentBy
refers to server.name
.data
refers to data
.stringifiedData
be the result of evaluating JSON.stringify(preparedData);
.socket.write
, sending stringifiedData
to the Socket.temporalPromise
be a Promise evaluated with new Promise();
.resolve
and reject
be the first and second parameters from temporalPromise
's callbacks.queuePromise
be an object where:
resolve
refers to resolve
.reject
refers to reject
.promiseCollection
be the internal Promise collection from IPC-Link of type Map<string, { resolve: Function, reject: Function }>;
.promiseCollection.set(id, queuePromise);
.queuePromise
.Proccess Two
receiverServer
be the result of evaluating new Server(name, options);
in the target process.messagePayload
be the result of evaluating JSON.parse(stringifiedData);
.message
be the result of evaluating new Message(receiverServer, senderSocket, messagePayload);
.message
to receiverServer
's EventEmitter for its handling.responseData
be an object.responseData
has a property of success
, let success
be responseData.success
. Otherwise
successArgument
be the result of evaluating the third argument from Server#send
.successArgument
is undefined
, let success
be true
. Otherwise let success
be successArgument
.finalizedResponseData
be an object where:
id
refers to id
.success
refers to success
.responseData
are applied over the properties of id
and success
.stringifiedResponseData
be the result of evaluating JSON.stringify(finalizedResponseData);
.senderSocket.write
, sending stringifiedResponseData
to the Socket.Proccess One
parsedResponseData
be the result of evaluating JSON.parse(stringifiedResponseData);
.responseID
be the result of evaluating parsedResponseData.id
.responseID
does not equals to id
via Strict Equality Comparison,
promise
be queuePromise
.
successResponse
be the result of evaluating parsedResponseData.success
.successResponse
is true
, evaluate promise.resolve(parsedResponseData);
, resolving temporalPromise
with the value of parsedResponseData
. Otherwise evaluate promise.reject(parsedResponseData);
, rejecting temporalPromise
with the value of parsedResponseData
.FAQs
Connect multiple processes via IPC using node-ipc for backends
The npm package ipc-link receives a total of 0 weekly downloads. As such, ipc-link popularity was classified as not popular.
We found that ipc-link demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.