Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Provide clientside multiplayer and optimistic updates over any s3-compatible storage API
⚠️ Under development
An offline-first browser database over any S3-compatible API.
Tested with S3, Backblaze, R2 and self-hosted solutions like Minio (running examples).
MPS3 is a key-value document store. A manifest lists all keys in the DB as references to files hosted on s3. Setting a key first writes the content to storage, then updates the manifest. To enable subscriptions, the client polls the manifest for changes. To enable causally consistent concurrent writes, the manifest is represented as a time indexed log of patches and checkpoints which is resolved on read.
Manifests should not contain too many keys as it adds overheads. A manifest should encapsule a single consistency boundary (e.g. a channel in a chat). You can share keys between multiple manifests and move keys in, out and across, manifests lightly (TODO).
To use this library you construct an MP3S class.
import {MPS3} from 'https://cdn.skypack.dev/mps3@0.0.58?min';
const mps3 = new MPS3({
defaultBucket: "<BUCKET>",
s3Config: {
region: "<REGION>",
credentials: {
accessKeyId: "<ACCESS_KEY>",
secretAccessKey: "<SECRET_KEY>"
}
}
});
mps3.put("key", "myValue"); // can await for confirmation
mps3.subscribe("key", (val) => console.log(val)); // causally consist listeners
const value = await mps3.get("key"); // read-after-write consist
For the client to work properly some CORS configuration is required on the bucket so the Javascript environment can observe relevant metadata.
[{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "PUT", "POST", "DELETE"],
"AllowedOrigins": ["*"],
"ExposeHeaders": ["X-Amz-Version-Id", "ETag"]
}]
There is no in-built authorization. Every use-case needs different authorization. A malicious user could sabotage the manifest file if they have unrestricted write permissions to the manifest file, but not all use-cases have malicious users. There are a few options:-
Consult the API Documentation for advanced usage.
FAQs
Provide clientside multiplayer and optimistic updates over any s3-compatible storage API
The npm package mps3 receives a total of 1 weekly downloads. As such, mps3 popularity was classified as not popular.
We found that mps3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.