Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A client library for the IPFS HTTP API, implemented in JavaScript. This client library implements the interface-ipfs-core enabling applications to change between a embebed js-ipfs node and any remote IPFS node without having to change the code. In addition, this client library implements a set of utility functions.
This module uses node.js, and can be installed through npm:
npm install --save ipfs-api
Note: ipfs-api requires Node.js v6 (LTS) or higher.
To interact with the API, you need to have a local daemon running. It needs to be open on the right port. 5001
is the default, and is used in the examples below, but it can be set to whatever you need.
# Show the ipfs config API port to check it is correct
> ipfs config Addresses.API
/ip4/127.0.0.1/tcp/5001
# Set it if it does not match the above output
> ipfs config Addresses.API /ip4/127.0.0.1/tcp/5001
# Restart the daemon after changing the config
# Run the daemon
> ipfs daemon
var ipfsAPI = require('ipfs-api')
// connect to ipfs daemon API server
var ipfs = ipfsAPI('localhost', '5001', {protocol: 'http'}) // leaving out the arguments will default to these values
// or connect with multiaddr
var ipfs = ipfsAPI('/ip4/127.0.0.1/tcp/5001')
// or using options
var ipfs = ipfsAPI({host: 'localhost', port: '5001', protocol: 'http'})
// or specifying a specific API path
var ipfs = ipfsAPI({host: '1.1.1.1', port: '80', 'api-path': '/ipfs/api/v0'})
const bitswap = require('ipfs-api/src/bitswap')('/ip4/127.0.0.1/tcp/5001')
bitswap.unwant(key, (err) => {
// ...
})
Same as in Node.js, you just have to browserify the code before serving it. See the browserify repo for how to do that.
See the example in the examples folder to get a boilerplate.
See the example in the examples folder to get an idea on how to use js-ipfs-api with webpack.
Instead of a local installation (and browserification) you may request a remote copy of IPFS API from unpkg CDN.
To always request the latest version, use the following:
<!-- loading the minified version -->
<script src="https://unpkg.com/ipfs-api/dist/index.min.js"></script>
<!-- loading the human-readable (not minified) version -->
<script src="https://unpkg.com/ipfs-api/dist/index.js"></script>
For maximum security you may also decide to:
Example:
<script src="https://unpkg.com/ipfs-api@9.0.0/dist/index.js"
integrity="sha384-5bXRcW9kyxxnSMbOoHzraqa7Z0PQWIao+cgeg327zit1hz5LZCEbIMx/LWKPReuB"
crossorigin="anonymous"></script>
CDN-based IPFS API provides the IpfsApi
constructor as a method of the global window
object. Example:
var ipfs = window.IpfsApi('localhost', '5001')
If you omit the host and port, the API will parse window.host
, and use this information. This also works, and can be useful if you want to write apps that can be run from multiple different gateways:
var ipfs = window.IpfsApi()
In a web browser IPFS API (either browserified or CDN-based) might encounter an error saying that the origin is not allowed. This would be a CORS ("Cross Origin Resource Sharing") failure: IPFS servers are designed to reject requests from unknown domains by default. You can whitelist the domain that you are calling from by changing your ipfs config like this:
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin "[\"http://example.com\"]"
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Credentials "[\"true\"]"
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods "[\"PUT\", \"POST\", \"GET\"]"
If you wish to send custom headers with each request made by this library, for example, the Authorization header. You can use the config to do so:
const ipfs = IpfsApi({
host: 'localhost',
port: 5001,
protocol: 'http',
headers: {
authorization: 'Bearer ' + TOKEN
}
})
js-ipfs-api
follows the spec defined byinterface-ipfs-core
, which concerns the interface to expect from IPFS implementations. This interface is a currently active endeavor. You can use it today to consult the methods available.
ipfs.files.add(data, [options], [callback])
. Alias to ipfs.add
.ipfs.files.addPullStream([options])
ipfs.files.addReadableStream([options])
ipfs.files.cat(ipfsPath, [options], [callback])
. Alias to ipfs.cat
.ipfs.files.catPullStream(ipfsPath, [options])
ipfs.files.catReadableStream(ipfsPath, [options])
ipfs.files.get(ipfsPath, [options], [callback])
. Alias to ipfs.get
.ipfs.files.getPullStream(ipfsPath, [options])
ipfs.files.getReadableStream(ipfsPath, [options])
ipfs.ls(ipfsPath, [callback])
ipfs.lsPullStream(ipfsPath)
ipfs.lsReadableStream(ipfsPath)
ipfs.files.cp([from, to], [callback])
ipfs.files.flush([path], [callback])
ipfs.files.ls([path], [options], [callback])
ipfs.files.mkdir(path, [options], [callback])
ipfs.files.mv([from, to], [callback])
ipfs.files.read(path, [options], [callback])
ipfs.files.readPullStream(path, [options])
ipfs.files.readReadableStream(path, [options])
ipfs.files.rm(path, [options], [callback])
ipfs.files.stat(path, [options], [callback])
ipfs.files.write(path, content, [options], [callback])
ipfs.object.data(multihash, [options], [callback])
ipfs.object.get(multihash, [options], [callback])
ipfs.object.links(multihash, [options], [callback])
ipfs.object.new([template], [callback])
ipfs.object.patch.addLink(multihash, DAGLink, [options], [callback])
ipfs.object.patch.appendData(multihash, data, [options], [callback])
ipfs.object.patch.rmLink(multihash, DAGLink, [options], [callback])
ipfs.object.patch.setData(multihash, data, [options], [callback])
ipfs.object.put(obj, [options], [callback])
ipfs.object.stat(multihash, [options], [callback])
refs
ipfs.refs.local()
log
ipfs.log.level(subsystem, level, [options], [callback])
ipfs.log.ls([callback])
ipfs.log.tail([callback])
Currently, the PubSub API only works in Node.js environment
We currently don't support pubsub when run in the browser, and we test it with separate set of tests to make sure if it's being used in the browser, pubsub errors.
More info: https://github.com/ipfs/js-ipfs-api/issues/518
This means:
A set of data types are exposed directly from the IPFS instance under ipfs.types
. That way you're not required to import/require the following.
ipfs.types.Buffer
ipfs.types.PeerId
ipfs.types.PeerInfo
ipfs.types.multiaddr
ipfs.types.multibase
ipfs.types.multihash
ipfs.types.CID
ipfs.types.dagPB
ipfs.types.dagCBOR
Adding to the methods defined by interface-ipfs-core
, js-ipfs-api
exposes a set of extra utility methods. These utility functions are scoped behind the ipfs.util
.
Complete documentation for these methods is coming with: https://github.com/ipfs/js-ipfs-api/pull/305
ipfs.util.addFromFs(path, option, callback)
Reads a file or folder from path
on the filesystem and adds it to IPFS. Options:
path
is a directory, use option { recursive: true }
to add the directory and all its sub-directories.
{ ignore: ['ignore/this/folder/**', 'and/this/file'] }
..
, for example, .git/
) are not included by default. To add them, use the option { hidden: true }
.ipfs.util.addFromFs('path/to/a/folder', { recursive: true , ignore: ['subfolder/to/ignore/**']}, (err, result) => {
if (err) { throw err }
console.log(result)
})
result
is an array of objects describing the files that were added, such as:
[
{
path: 'test-folder',
hash: 'QmRNjDeKStKGTQXnJ2NFqeQ9oW23WcpbmvCVrpDHgDg3T6',
size: 2278
},
// ...
]
ipfs.util.addFromURL(url, callback)
ipfs.util.addFromURL('http://example.com/', (err, result) => {
if (err) {
throw err
}
console.log(result)
})
ipfs.util.addFromStream(stream, callback)
This is very similar to ipfs.files.add({path:'', content: stream})
. It is like the reverse of cat
ipfs.util.addFromStream(<readable-stream>, (err, result) => {
if (err) {
throw err
}
console.log(result)
})
ipfs.util.getEndpointConfig()
This returns an object containing the host
and the port
ipfs.util.crypto
This contains an object with the crypto primitives
ipfs.util.isIPFS
This contains an object with the is-ipfs utilities to help identifying IPFS resources
If you do not pass in a callback all API functions will return a Promise
. For example:
ipfs.id()
.then((id) => {
console.log('my id is: ', id)
})
.catch((err) => {
console.log('Fail: ', err)
})
This relies on a global Promise
object. If you are in an environment where that is not yet available you need to bring your own polyfill.
We run tests by executing npm test
in a terminal window. This will run both Node.js and Browser tests, both in Chrome and PhantomJS. To ensure that the module conforms with the interface-ipfs-core
spec, we run the batch of tests provided by the interface module, which can be found here.
The js-ipfs-api is a work in progress. As such, there's a few things you can do right now to help out:
interface-ipfs-core
.Want to hack on IPFS?
This module started as a direct mapping from the go-ipfs cli to a JavaScript implementation, although this was useful and familiar to a lot of developers that were coming to IPFS for the first time, it also created some confusion on how to operate the core of IPFS and have access to the full capacity of the protocol. After much consideration, we decided to create interface-ipfs-core
with the goal of standardizing the interface of a core implementation of IPFS, and keep the utility functions the IPFS community learned to use and love, such as reading files from disk and storing them directly to IPFS.
FAQs
A client library for the IPFS HTTP API
The npm package ipfs-api receives a total of 5,115 weekly downloads. As such, ipfs-api popularity was classified as popular.
We found that ipfs-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.