Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
node-unix-socket
Advanced tools
node-unix-socket allows you to use SO_REUSEPORT, SOCK_SEQPACKET, SOCK_DGRAM in Node.js.
Readme
node-unix-socket
allows you to use some nonblocking unix sockets that are currently not supported by Node.js native modules, including:
SOCK_SEQPACKET
) socketsSOCK_DGRAM
) socketsSO_REUSEPORT
enabled TCP net.Servernode-unix-socket
is a napi-rs based Node.js addons and:
We use SOCK_SEQPACKET
sockets for in our internal APM.
Platform | Node.js | DgramSocket | Seqpacket |
---|---|---|---|
x64 Linux | 12 + LTS | ✅ | ✅ |
x64 Darwin | 12 + LTS | ✅ | |
aarch64 Darwin | 12 + LTS | ✅ |
npm i node-unix-socket
SOCK_SEQPACKET
sockets are like SOCK_STREAM
sockets while they keep message boundaries.
Note that SOCK_SEQPACKET
sockets don't work on MacOS.
const { SeqpacketServer, SeqpacketSocket } = require('node-unix-socket');
const os = require('os');
const path = require('path');
const fs = require('fs');
const bindPath = path.resolve(os.tmpdir(), './my_seqpacket.sock');
try {
fs.unlinkSync(bindPath);
} catch (e) {}
const server = new SeqpacketServer();
server.listen(bindPath);
server.on('connection', (socket) => {
socket.on('data', (buf) => {
console.log('received', buf.toString());
});
});
const client = new SeqpacketSocket();
client.connect(bindPath, () => {
const data = ['hello, ', 'w', 'o', 'r', 'l', 'd'];
for (const str of data) {
client.write(Buffer.from(str));
}
client.end();
});
const { DgramSocket } = require('node-unix-socket');
const os = require('os');
const path = require('path');
const fs = require('fs');
const path1 = path.resolve(os.tmpdir(), './my_dgram_1.sock');
const path2 = path.resolve(os.tmpdir(), './my_dgram_2.sock');
try {
fs.unlinkSync(path1);
fs.unlinkSync(path2);
} catch (err) {}
const socket1 = new DgramSocket();
const socket2 = new DgramSocket();
socket1.bind(path1);
socket2.bind(path2);
socket2.on('data', (data, remoteAddr) => {
console.log(`socket2 received: ${data.toString()}`);
// echo
socket2.sendTo(data, 0, data.length, remoteAddr);
});
socket1.on('data', (data) => {
console.log(`socket1 received: ${data.toString()}`);
});
setInterval(() => {
const buf = Buffer.from('hello');
socket1.sendTo(buf, 0, buf.length, path2);
}, 1000);
SO_REUSEPORT
enabled TCP net.ServerThe cluster module share server ports by accepting new connections in the primary process and distributing them to worker processes.
With SO_REUSEPORT
, sockets will be distributed by kernel instead, and which should be more performant especially for scenario of having a lot of short-lived connections.
For example, the arrow in the image below shows cpu usage of a PM2 primary process which we found in our environment.
Note that SO_REUSEPORT
might behave much differently across operating systems. See this post for more information.
const { createReuseportFd } = require('node-unix-socket');
const { Server, Socket } = require('net');
const port = 8080;
const host = '0.0.0.0';
// create multple servers listening to a same host, port.
for (let i = 0; i < 2; i += 1) {
const fd = createReuseportFd(port, host);
const server = new Server((socket) => {
socket.on('data', (buf) => {
console.log(`server ${i} received:`, buf);
// echo
socket.write(buf);
});
});
server.listen(
{
fd,
},
() => {
console.log(`server ${i} is listening on ${port}`);
}
);
}
setInterval(() => {
const client = new Socket();
client.on('data', (buf) => {
console.log('client received:', buf);
client.destroy();
});
client.connect(port, host, () => {
client.write(Buffer.from('hello'));
});
}, 1000);
npm run build && npm run test
MIT
FAQs
node-unix-socket allows you to use SO_REUSEPORT, SOCK_SEQPACKET, SOCK_DGRAM in Node.js.
The npm package node-unix-socket receives a total of 225 weekly downloads. As such, node-unix-socket popularity was classified as not popular.
We found that node-unix-socket demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.