Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The 'multibase' npm package provides a way to encode and decode data using various base encoding schemes. It supports a wide range of base encodings, making it useful for applications that need to handle data in different formats.
Encoding Data
This feature allows you to encode data using a specified base encoding. In this example, the data 'hello world' is encoded using base32.
const multibase = require('multibase');
const data = Buffer.from('hello world');
const encoded = multibase.encode('base32', data);
console.log(encoded.toString());
Decoding Data
This feature allows you to decode data that has been encoded with a base encoding. In this example, the base32 encoded string 'bnbswy3dpeb3w64tmmq' is decoded back to 'hello world'.
const multibase = require('multibase');
const encoded = 'bnbswy3dpeb3w64tmmq';
const decoded = multibase.decode(encoded);
console.log(decoded.toString());
Listing Supported Encodings
This feature provides a list of all supported base encodings. It can be useful to know which encodings are available for use.
const multibase = require('multibase');
const encodings = multibase.names;
console.log(encodings);
The 'base-x' package provides a way to encode and decode data using custom base encodings. It is similar to 'multibase' but focuses on custom base encodings rather than a predefined set of encodings.
The 'base64-js' package is specifically designed for base64 encoding and decoding. It is more specialized compared to 'multibase', which supports a wider range of encodings.
The 'bs58' package provides base58 encoding and decoding. It is similar to 'multibase' in that it handles base encodings, but it is specialized for base58.
JavaScript implementation of the multibase specification
multibase
- Prefixes an encoded buffer with its multibase codemultibase.encode
- Encodes a buffer into one of the supported encodings, prefixing it with the multibase codemultibase.decode
- Decodes a buffer or stringmultibase.isEncoded
- Checks if buffer or string is encodedsrc/constants.js
> npm install --save multibase
The code published to npm that gets loaded on require is in fact an ES5 transpiled version with the right shims added. This means that you can require it and use with your favourite bundler without having to adjust asset management process.
const multibase = require('multiubase')
<script>
tagLoading this module through a script tag will make the Multibase
obj available in the global namespace.
<script src="https://unpkg.com/multibase/dist/index.min.js"></script>
<!-- OR -->
<script src="https://unpkg.com/multibase/dist/index.js"></script>
You will need to use Node.js Buffer
API compatible, if you are running inside the browser, you can access it by multibase.Buffer
or you can load Feross's Buffer module.
const multibase = require('multibase')
const encodedBuf = multibase.encode('base58btc', new Buffer('hey, how is it going'))
const decodedBuf = multibase.decode(encodedBuf)
console.log(decodedBuf.toString())
// hey, how it going
https://multiformats.github.io/js-multibase/
multibase
- Prefixes an encoded buffer with its multibase codeconst multibased = multibase(<nameOrCode>, encodedBuf)
multibase.encode
- Encodes a buffer into one of the supported encodings, prefixing it with the multibase codeconst encodedBuf = multibase.encode(<nameOrCode>, <buf>)
multibase.decode
- Decodes a buffer or stringconst decodedBuf = multibase.decoded(bufOrString)
multibase.isEncoded
- Checks if buffer or string is encodedconst value = multibase.isEncoded(bufOrString)
// value is the name of the encoding if it is encoded, false otherwise
src/constants.js
Multibase package defines all the supported bases and the location of their implementation in the constants.js file. A base is a class with a name, a code, an implementation and an alphabet.
class Base {
constructor (name, code, implementation, alphabet) {
//...
}
// ...
}
The implementation
is an object where the encoding/decoding functions are implemented. It must take one argument, (the alphabet) following the base-x module architecture.
The alphabet
is the ordered set of defined symbols for a given base.
The idea behind this is that several bases may have implementations from different locations/modules so it's useful to have an object (and a summary) of all of them in one location (hence the constants.js).
All the supported bases are currently using the npm base-x module as their implementation. It is using bitwise maipulation to go from one base to another, so this module does not support padding at the moment.
If the base you are looking for is not supported yet in js-multibase and you know a good encoding/decoding algorithm, you can add support for this base easily by editing the constants.js file (you'll need to create an issue about that beforehand since a code and a canonical name have to be defined):
const baseX = require('base-x')
//const newPackage = require('your-package-name')
const constants = [
['base1', '1', '', '1'],
['base2', '0', baseX, '01'],
['base8', '7', baseX, '01234567'],
// ... [ 'your-base-name', 'code-to-be-defined', newPackage, 'alphabet']
]
The required package defines the implementation of the encoding/decoding process. It must comply by these rules :
encode
and decode
functions with to-be-encoded buffer as the only expected argumentalphabet
given as an argument for the encoding/decoding processIf no package is specified (such as for base1 in the above example, it means the base is not implemented yet)
Adding a new base requires the tests to be updated. Test files to be updated are :
describe('constants', () => {
it('constants indexed by name', () => {
const names = constants.names
expect(Object.keys(names).length).to.equal(constants-count) // currently 12
})
it('constants indexed by code', () => {
const codes = constants.codes
expect(Object.keys(codes).length).to.equal(constants-count)
})
})
const supportedBases = [
['base2', 'yes mani !', '01111001011001010111001100100000011011010110000101101110011010010010000000100001'],
['base8', 'yes mani !', '7171312714403326055632220041'],
['base10', 'yes mani !', '9573277761329450583662625'],
// ... ['your-base-name', 'what you want', 'expected output']
const supportedBases = [
// ... ['your-base-name']
Captain: @diasdavid
Contributions welcome. Please check out the issues.
Check out our contributing document for more information on how we work, and about contributing in general. Please be aware that all interactions related to multiformats are subject to the IPFS Code of Conduct.
Small note: If editing the README, please conform to the standard-readme specification.
MIT © 2016 Protocol Labs Inc.
FAQs
JavaScript implementation of the multibase specification
The npm package multibase receives a total of 639,058 weekly downloads. As such, multibase popularity was classified as popular.
We found that multibase demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.