Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
multi-writer hypercore
Small module that manages multiple hypercores: feeds you create locally are writeable, others' are readonly. Replicating with another multifeed peers exchanges the content of all of the hypercores.
var multifeed = require('multifeed')
var hypercore = require('hypercore')
var ram = require('random-access-memory')
var multi = multifeed(hypercore, './db', { valueEncoding: 'json' })
// a multifeed starts off empty
console.log(multi.feeds().length) // => 0
// create as many writeable feeds as you want; returns hypercores
multi.writer(function (err, w) {
console.log(w.key, w.writeable, w.readable) // => Buffer <0x..> true true
console.log(multi.feeds().length) // => 1
// write data to any writeable feed, just like with hypercore
w.append('foo', function () {
var m2 = multifeed(ram, { valueEncoding: 'json' })
m2.writer(function (err, w2) {
w2.append('bar', function () {
replicate(multi, m2, function () {
console.log(m2.feeds().length) // => 2
m2.feeds()[1].get(0, function (_, data) {
console.log(data) // => foo
})
multi.feeds()[1].get(0, function (_, data) {
console.log(data) // => bar
})
})
})
})
})
})
function replicate (a, b, cb) {
var r = a.replicate()
r.pipe(b.replicate()).pipe(r)
.once('end', cb)
.once('error', cb)
}
var multifeed = require('multifeed')
Pass in the a hypercore module (require('hypercore')
), a
random-access-storage
backend, and options. Included opts
are passed into new hypercores created,
and are the same as
hypercore's.
If no name
is given, a new local writeable feed is created and returned via
cb
.
If name
is given and was created in the past on this local machine, it is
returned. Otherwise it is created. This is useful for managing multiple local
feeds, e.g.
var main = multi.writer('main') // created if doesn't exist
var content = multi.writer('content') // created if doesn't exist
main === multi.writer('main') // => true
An array of all hypercores in the multifeed. Check a feed's key
to
find the one you want, or check its writable
/ readable
properties.
Only populated once multi.ready(fn)
is fired.
Fetch a feed by its key key
(a Buffer
or hex string).
Create a duplex stream for replication.
Works just like hypercore, except all local hypercores are exchanged between replication endpoints.
Note: this stream is not an encrypted channel.
Emitted whenever a new feed is added, whether locally or remotely.
With npm installed, run
$ npm install multifeed
hypercore-protocol
requires the first feed exchanged to be common between
replicating peers. This prevents two strangers from exchanging sets of
hypercores. A "fake" hypercore with a hardcoded public key is included in the
code to bootstrap the replication process. I discarded the private key, but
even if I didn't, it doesn't let me do anything nefarious. You could patch
this with your own key of choice.hypercore-protocol
requires all feed keys be known upfront: only discovery
keys are exchanged (discoveryKey = hash(key)
), so this module wraps the
hypercore replication duplex stream in a secondary duplex stream that
exchanges feed public keys upfront before moving on to the hypercore
replication mechanism.ISC
FAQs
multi-writer hypercore
The npm package multifeed receives a total of 90 weekly downloads. As such, multifeed popularity was classified as not popular.
We found that multifeed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.