
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
A stream multiplexer written in ES6.
MPlex
is a duplex stream with the following additional events:
ready
: Emitted when the stream fully initialized itself. Call API methods
only after this event.stream
: The remote side requested a stream.
options
: Data sent by the remote when requesting this streamfn(reason)
: A function to be called with a string as a reason of
declining the stream request, or without parameters. In the letter case
the request is accepted, and the function returns an MStream
instance
ready to read and writeglobalRequest
: The remote side issued a global request.
data
: The request as set by the remotefn(success, details)
: A function to be called to send the response.
success
can be true
or false
, details
is some
JSON serializable data.close
: No more action on the stream. Will be emitted after an error.API:
new MPlex([options])
options <Object>
highWaterMark
: The same as with streams (16384)wantMaxPacketSize
: The maximum size of a packet the remote side is
allowed to send (8192). The minimum is 1024. Handled automaticallywantContinueAfter
: After sending this amount of data to an underlying
stream, MPlex
will not send more data to this stream unless an
explicit continue
instruction on the stream. Handled automatically,
see continueLevel
continueLevel
: The stream will send continue
to the remote only
when data in its' buffer is less than this amountstreamHighWaterMark
: highWaterMark
for underlying streamsmaxID
: The maximum number of open streams in MPlex
MPlex.newStream(options, callback)
:
options
: Any JSON serializable data, will be sent to the remotecallback(error, stream)
: Called when the request is accepted or rejected
by the remote.
error
: an error instance indicating the reason of declinestream
: an MStream
instance (see below) which is ready for
reding and writingMPlex.globalRequest(data, callback)
: x
data
: JSON serializable data to sendcallback(error, sucess, details)
: will be called when a response arrives (or if error occures during sending).
error
: If not null
, an error occured during sending the requestsuccess
: boolean value received from the remote, indicating the
status of the request.details
: additional data from the remote.MPlex.close()
: Close MPlex
.MStream
is a duplex stream returned by MPlex.newStream
or the second
parameter (a function, fn
) of the stream
event. Apart from the standard
stream events, it also emits close
, which indicates no more processing will
happen on this stream.
API:
MStream.close()
: Close this stream.HeartBeatMPlex
is an extension to MPlex
. It accepts the following extra
options:
wantHeartBeatMilli
: Requests the remote side not to be idle for longer
than this amount in milliseconds.heartBeatThreshold
: If the remote is idle for more than
wantHeartBeatMilli + heartBeatThreshold
milliseconds, an error will be
emitted.const {MPlex} = require('mplex2')
const mplex1 = new MPlex()
const mplex2 = new MPlex()
mplex1.on('ready', () => {
mplex1.newStream('simple stream', (err, stream) => {
if (err) console.log('rejected')
if (stream) {
stream.end('message to remote')
stream.once('finish', stream.close)
}
})
})
mplex2.on('stream', (options, fn) => {
const stream = fn() // accept
stream.on('data', d => console.log(d.toString()))
stream.on('close', () => console.log('remote closed'))
})
mplex1.pipe(mplex2).pipe(mplex1)
FAQs
ES6 stream multiplexer
We found that mplex2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
Research
Security News
The Socket Research team investigates a malicious Python package disguised as a Discord error logger that executes remote commands and exfiltrates data via a covert C2 channel.
Research
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.