Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
ln-service
Advanced tools
The core of this project is a gRPC interface for node.js projects, available through npm.
The project can be run alone to create a REST interface on top of LND that exposes functionality to client applications.
It is recommended to not expose the REST interface directly to the dangerous internet as that gives anyone control of your node.
The service can run in two modes:
The direct GRPC mode is recommended.
https://github.com/lightningnetwork/lnd/blob/master/docs/INSTALL.md
If using Bitcoin Core, the following ~/.bitcoin/bitcoin.conf configuration is recommended:
assumevalid= // plug in the current best block hash
daemon=1
datadir=/blockchain/.bitcoin/data
dbcache=3000
disablewallet=1
maxuploadtarget=1000
nopeerbloomfilters=1
peerbloomfilters=0
permitbaremultisig=0
rpcpassword= // make a strong password
rpcuser=bitcoinrpc
server=1
testnet=1 // Set as applicable
txindex=1
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28332
Sample LND configuration options (~/.lnd/lnd.conf)
[Application Options]
externalip=IP
maxpendingchannels=10
minchansize=250000
rpclisten=0.0.0.0:10009
tlsextraip=IP
[autopilot]
autopilot.active=1
autopilot.maxchannels=10
autopilot.minchansize=250000
autopilot.allocation=0.8
[Bitcoin]
bitcoin.active=1
bitcoin.feerate=1000
bitcoin.node=bitcoind
bitcoin.testnet=1
[bitcoind]
bitcoind.rpcpass= // Password for bitcoind
bitcoind.rpcuser=bitcoinrpc
bitcoind.zmqpath=tcp://127.0.0.1:28332
base64 ~/.lnd/admin.macaroon
base64 ~/.lnd/tls.cert
You will need these variables to authenticate with LND.
Make sure:
You can install the service via npm -
$ npm install ln-service
You can then interact with your LND node directly -
const lnService = require('ln-service');
const lnd = lnService.lightningDaemon({
host: 'localhost:10009'
});
lnService.getWalletInfo({lnd}, (error, result) => {
console.log(result);
});
NOTE: You will need to make sure you Set the Environment Variables unless you want to pass in base64 encoded values to the lightningDaemon for the cert and macaroon.
If you have encoded the values, use them to instantiate the lightningDaemon object.
const lnd = lnService.lightningDaemon({
cert: 'base64 encoded tls.cert'
host: 'localhost:10009'
macaroon: 'base64 encoded admin.macaroon'
});
Please have git
installed, and have a working github account, preferably with SSH access.
Please also make sure that you have node.js / npm installed, too.
The best way to install it for personal use is NVM.
Willingness to report bugs?
$ git clone https://github.com/alexbosworth/ln-service.git
$ cd ln-service
$ npm install
In NPM installed direct GRPC mode only GRPC_SSL_CIPHER_SUITES
environment
variable is needed
Linux -
Make sure your .bashrc
contains the following environment variables -
export GRPC_SSL_CIPHER_SUITES='HIGH+ECDSA'
export LNSERVICE_LND_DIR='~/.lnd/'
export LNSERVICE_SECRET_KEY=REPLACE!WITH!SECRET!KEY
Make sure to $ source ~/.bashrc
in the window you are running the service from
OSX -
Make sure your .bash_profile
contains the following environment variables -
export GRPC_SSL_CIPHER_SUITES='HIGH+ECDSA'
export LNSERVICE_LND_DIR="$HOME/Library/Application Support/Lnd/"
export LNSERVICE_SECRET_KEY=REPLACE!WITH!SECRET!KEY
Make sure to $ . ~/.bash_profile
in the window you are running the service from
$ npm start
ln-service
uses Basic Authentication currently. Make sure that the request has an authorization header that contains Base64 encoded credentials.
Basic example of an authorization header -
Authorization: Basic {{TOKEN_GOES_HERE_WITHOUT_BRACES}}
To generate the Base64 encoded credentials in Chrome for example in the console you can -
> let username = 'test';
// username can be anything.
> let password = '1m5secret4F';
// password must match the LNSERVICE_SECRET_KEY in your environment variables.
> btoa(`${username}:${password}`);
// dGVzdDoxbTVlY3JldDRG
And then set the value of the Authorization header to the returned value dGVzdDoxbTVlY3JldDRG
.
And copy the result as the token in the above example
$ npm test
47.0.0
getForwardingConfidence
: Add method to get forwarding confidence of
forwarding between two peersgetPaymentOdds
: Rename to getRouteConfidence
getForwardingReputations
: Rename "odds" to "confidence"
probability
attribute changes to confidence
general_success_odds
attribute to confidence
success_odds
attribute changes to confidence
FAQs
Interaction helper for your Lightning Network daemon
The npm package ln-service receives a total of 2,293 weekly downloads. As such, ln-service popularity was classified as popular.
We found that ln-service demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.