Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
An append-only log on IPFS.
ipfs-log
is an immutable, operation-based conflict-free replicated data structure (CRDT) for distributed systems. It's an append-only log that can be used to model a mutable, shared state between peers in p2p applications.
Every entry in the log is saved in IPFS and each points to a hash of previous entry(ies) forming a graph. Logs can be forked and joined back together.
The module works in Node.js and Browsers.
Log A Log B
| |
logA.append("one") logB.append("hello")
| |
v v
+-----+ +-------+
|"one"| |"hello"|
+-----+ +-------+
| |
logA.append("two") logB.append("world")
| |
v v
+-----------+ +---------------+
|"one","two"| |"hello","world"|
+-----------+ +---------------+
| |
| |
logA.join(logB) <----------+
|
v
+---------------------------+
|"one","hello","two","world"|
+---------------------------+
IPFS Log has a few use cases:
It was originally created for, and currently used in, orbit-db - a distributed peer-to-peer database on IPFS.
...
spread syntax)This project uses npm and nodejs.
npm install ipfs-log
See the API documentation and examples for more details.
Install dependencies:
npm install ipfs-log ipfs
Run a simple program:
// For js-ipfs >= 0.38
const Log = require("ipfs-log");
const IdentityProvider = require("orbit-db-identity-provider");
const IPFS = require("ipfs");
const start = async () => {
const identity = await IdentityProvider.createIdentity({ id: "peerid" });
const ipfs = await IPFS.create({ repo: "./path-for-js-ipfs-repo" });
const log = new Log(ipfs, identity);
await log.append({ some: "data" });
await log.append("text");
console.log(log.values.map((e) => e.payload));
};
start();
// [ { some: 'data' }, 'text' ]
See examples for details.
If your platforms requires ES5-compatible JavaScript, there's a build in lib/es5/
.
See examples/browser for details.
The distribution package for browsers is located in dist/ipfslog.min.js
If your platforms requires ES5-compatible JavaScript, there's a build in lib/es5/
.
See API Documentation for full details.
Run all tests:
npm test
Run tests with js-ipfs only (default):
mocha
Run tests with go-ipfs only:
TEST=go mocha
To use the benchmark runner:
node --expose-gc benchmarks/runner/index.js -r --grep append-stress --stress-limit Infinity
This will run the append-stress
benchmarks until it is canceled. For more information, see the Benchmarking README.
Run the following command before you commit.
make rebuild
This will ensure that dependencies and built files are all based on the current code base.
There's a benchmark suite in benchmarks/ that can be run with:
node benchmarks/benchmark-append.js
node benchmarks/benchmark-join.js
node benchmarks/benchmark-expand.js
There's append
and join
benchmarks for browsers in benchmarks/browser/ which you can run by opening the .html
files in your browser.
If you find a bug or something is broken, let us know! PRs and issues are gladly accepted too. Take a look at the open issues, too, to see if there is anything that you could do or someone else has already done. Here are some things I know I need:
MIT © 2016-2018 Protocol Labs Inc., 2016-2019 Haja Networks Oy
FAQs
Append-only log CRDT on IPFS
The npm package ipfs-log receives a total of 459 weekly downloads. As such, ipfs-log popularity was classified as not popular.
We found that ipfs-log demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.