Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Javascript implementation of multiaddr validation
npm install mafmt
const mafmt = require('mafmt')
mafmt.DNS.matches('/dns4/ipfs.io') // true
mafmt.<FORMAT>.matches(multiaddr)
Where <FORMAT>
may be:
<FORMAT> | Description | Example(s) |
---|---|---|
DNS | a "dns4" or "dns6" format multiaddr | /dnsaddr/ipfs.io |
DNS4 | a "dns4" format multiaddr | /dns4/ipfs.io |
DNS6 | a "dns6" format multiaddr | /dns6/protocol.ai/tcp/80 |
IP | an "ip4" or "ip6" format multiaddr | /ip4/127.0.0.1 /ip6/fc00:: |
TCP | a "tcp" over IP format multiaddr | /ip4/0.0.7.6/tcp/1234 |
UDP | a "udp" over IP format multiaddr | /ip4/0.0.7.6/udp/1234 |
QUIC | a "quic" over UDP format multiaddr | /ip4/1.2.3.4/udp/1234/quic |
UTP | a "utp" over UDP format multiaddr | /ip4/1.2.3.4/udp/3456/utp |
Websockets | a "ws" over TCP or "ws" over DNS format multiaddr | /ip4/1.2.3.4/tcp/3456/ws /dnsaddr/ipfs.io/ws |
WebSocketsSecure | a "wss" over TCP or "wss" over DNS format multiaddr | /ip6/::/tcp/0/wss /dnsaddr/ipfs.io/wss |
HTTP | a "http" over TCP or DNS or "http" over DNS format multiaddr | /ip4/127.0.0.1/tcp/90/http /dnsaddr/ipfs.io/http |
HTTPS | a "https" over TCP or DNS or "https" over DNS format multiaddr | /ip4/127.0.0.1/tcp/90/https /dnsaddr/ipfs.io/https |
WebRTCStar | a "p2p" over "p2p-webrtc-star" over Websockets or "p2p" over "p2p-webrtc-star" over WebSocketsSecure format multiaddr | /dnsaddr/ipfs.io/wss/p2p-webrtc-star/p2p/QmcgpsyWgH8Y8ajJz1Cu72KnS5uo2Aa2LpzU7kinSoooo4 |
WebSocketStar | a "p2p" over "p2p-websocket-star" over Websockets or "p2p" over "p2p-websocket-star" over WebSocketsSecure or "p2p-websocket-star" over Websockets or "p2p-websocket-star" over WebSocketsSecure format multiaddr | /ip4/1.2.3.4/tcp/3456/ws/p2p-websocket-star /dnsaddr/localhost/ws/p2p-websocket-star/p2p/QmcgpsyWgH8Y8ajJz1Cu72KnS5uo2Aa2LpzU7kinSoooo4 |
WebRTCDirect | a "p2p-webrtc-direct" over HTTP or "p2p-webrtc-direct" over HTTPS format multiaddr | /ip4/1.2.3.4/tcp/3456/http/p2p-webrtc-direct |
Reliable | a WebSockets or WebSocketsSecure or HTTP or HTTPS or WebRTCStar or WebRTCDirect or TCP or UTP or QUIC format multiaddr | /dnsaddr/ipfs.io/wss |
Circuit | /p2p/QmcgpsyWgH8Y8ajJz1Cu72KnS5uo2Aa2LpzU7kinSoooo4/p2p-circuit/p2p/QmUjNmr8TgJCn1Ao7DvMy4cjoZU15b9bwSCBLE3vwXiwgj | |
P2P | "p2p", aka "ipfs", over Reliable or WebRTCStar or "p2p" format multiaddr | /p2p/QmcgpsyWgH8Y8ajJz1Cu72KnS5uo2Aa2LpzU7kinSoooo4 /ip4/127.0.0.1/tcp/20008/ws/p2p/QmUjNmr8TgJCn1Ao7DvMy4cjoZU15b9bwSCBLE3vwXiwgj |
Where multiaddr
may be:
Returns true
/false
FAQs
A multiaddr validator
The npm package mafmt receives a total of 21,912 weekly downloads. As such, mafmt popularity was classified as popular.
We found that mafmt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.