IPFS Peer ID implementation in JavaScript.
Generate, import, and export PeerIDs, for use with IPFS.
A Peer ID is the SHA-256 multihash of a public key.
The public key is a base64 encoded string of a protobuf containing an RSA DER buffer. This uses a node buffer to pass the base64 encoded public key protobuf to the multihash for ID generation.
const PeerId = require('peer-id')
;(async () => {
  const id = await PeerId.create({ bits: 1024, keyType: 'RSA' })
  // toJSON() includes the private key, so treat this output as a secret
  console.log(JSON.stringify(id.toJSON(), null, 2))
})()

{
  "id": "Qma9T5YraSnpRDZqRR4krcSJabThc8nwZuJV3LercPHufi",
  "privKey": "CAAS4AQwggJcAgEAAoGBAMBgbIqyOL26oV3nGPBYrdpbv..",
  "pubKey": "CAASogEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMBgbIqyOL26oV3nGPBYrdpbvzCY..."
}
> npm i peer-id
const PeerId = require('peer-id')
The code published to npm that gets loaded on require is in fact an ES5 transpiled version with the right shims added. This means that you can require it and use it with your favourite bundler without having to adjust the asset management process.
const PeerId = require('peer-id')
<script> tag
Loading this module through a script tag will make the PeerId obj available in the global namespace.
<script src="https://unpkg.com/peer-id/dist/index.min.js"></script>
<!-- OR -->
<script src="https://unpkg.com/peer-id/dist/index.js"></script>
After installing peer-id (npm install peer-id), you can use the CLI to generate keys exported as JSON. You can specify the type and size of the key, as detailed in create([opts]). The defaults are shown here.
> peer-id --type rsa --bits 2048
const PeerId = require('peer-id')
new PeerId(id[, privKey, pubKey])
id: Buffer - The multihash of the public key as Buffer
privKey: RsaPrivateKey - The private key
pubKey: RsaPublicKey - The public key
The key format is detailed in libp2p-crypto.

create([opts])
Generates a new Peer ID, complete with public/private keypair.
opts.bits: number - The size of the key. Default: 2048
opts.keyType: string - The key type, one of: ['RSA', 'Ed25519', 'secp256k1']. Default: RSA
Returns Promise<PeerId>.

createFromHexString(str)
Creates a Peer ID from a hex string representing the key's multihash.
Returns PeerId.

createFromBytes(buf)
Creates a Peer ID from a buffer representing the key's multihash.
Returns PeerId.

createFromCID(cid)
cid: CID - The multihash encoded as CID object
Creates a Peer ID from a CID representation of the key's multihash (RFC 0001).
Returns PeerId.

createFromB58String(str)
Creates a Peer ID from a Base58 string representing the key's multihash.
Returns PeerId.

createFromPubKey(pubKey)
publicKey: Buffer
Creates a Peer ID from a buffer containing a public key.
Returns Promise<PeerId>.

createFromPrivKey(privKey)
privKey: Buffer
Creates a Peer ID from a buffer containing a private key.
Returns Promise<PeerId>.

createFromJSON(obj)
obj.id: String - The multihash encoded in base58
obj.pubKey: String - The public key in protobuf format, encoded in base64
obj.privKey: String - The private key in protobuf format, encoded in base64
Returns Promise<PeerId>.

createFromProtobuf(buf)
buf is a protocol-buffers encoded PeerId (see marshal())

parse(str)
Attempts to create a PeerId from a base58btc encoded string or a CID encoded as a string.

toHexString()
Returns the Peer ID's id as a hex string.
1220d6243998f2fc56343ad7ed0342ab7886a4eb18d736f1b67d44b37fcc81e0f39f

toBytes()
Returns the Peer ID's id as a buffer.
<Buffer 12 20 d6 24 39 98 f2 fc 56 34 3a d7 ed 03 42 ab 78 86 a4 eb 18 d7 36 f1 b6 7d 44 b3 7f cc 81 e0 f3 9f>

toString()
Returns the Peer ID's id as a self-describing CIDv1 in Base32 (RFC 0001)
bafzbeigweq4zr4x4ky2dvv7nanbkw6egutvrrvzw6g3h2rftp7gidyhtt4

toB58String()
Returns the Peer ID's id as a base58 string (multihash/CIDv0).
QmckZzdVd72h9QUFuJJpQqhsZqGLwjhh81qSvZ9BhB2FQi
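
How the encodings above relate, as an added example (not code from peer-id or its README): it decodes the hex and CIDv1 forms shown on this page into the underlying SHA-256 multihash and checks whether a claimed ID really is the multihash of a given public key. The function names are assumptions made for illustration, only the SHA-256 form described on this page is accepted, and the base58 form is not handled.

```javascript
// Added example, not part of peer-id. Uses only Node.js built-ins.
const { createHash } = require('crypto')

const B32 = 'abcdefghijklmnopqrstuvwxyz234567' // RFC 4648 alphabet, lower case
const MH_SHA256 = Buffer.from([0x12, 0x20])    // multihash header: sha2-256, 32 bytes
const CID_PREFIX = Buffer.from([0x01, 0x72])   // CIDv1 + libp2p-key codec (RFC 0001)

function base32Encode (bytes) {
  let bits = 0; let value = 0; let out = ''
  for (const b of bytes) {
    value = ((value << 8) | b) & 0xfff; bits += 8
    while (bits >= 5) { out += B32[(value >>> (bits - 5)) & 31]; bits -= 5 }
  }
  return bits ? out + B32[(value << (5 - bits)) & 31] : out
}

function base32Decode (str) {
  let bits = 0; let value = 0; const out = []
  for (const ch of str) {
    const v = B32.indexOf(ch)
    if (v < 0) throw new Error('invalid base32 character')
    value = ((value << 5) | v) & 0xfff; bits += 5
    if (bits >= 8) { out.push((value >>> (bits - 8)) & 255); bits -= 8 }
  }
  return Buffer.from(out)
}

// Decode the hex or CIDv1 base32 form into the 34-byte SHA-256 multihash.
function parsePeerId (str) {
  let mh
  if (/^[0-9a-f]{68}$/i.test(str)) {
    mh = Buffer.from(str, 'hex')
  } else if (str[0] === 'b') { // multibase prefix for lower-case base32
    const cid = base32Decode(str.slice(1))
    if (!cid.subarray(0, 2).equals(CID_PREFIX)) throw new Error('not a libp2p-key CIDv1')
    mh = cid.subarray(2)
  } else throw new Error('unsupported peer ID encoding')
  if (mh.length !== 34 || !mh.subarray(0, 2).equals(MH_SHA256)) throw new Error('not a SHA-256 multihash')
  return mh
}

const toCidString = mh => 'b' + base32Encode(Buffer.concat([CID_PREFIX, mh]))
const peerIdFromPubKey = pubKey => Buffer.concat([MH_SHA256, createHash('sha256').update(pubKey).digest()])
// True only if the claimed ID is the multihash of the key actually presented.
const idMatchesPubKey = (idStr, pubKey) => parsePeerId(idStr).equals(peerIdFromPubKey(pubKey))

const PAGE_HEX = '1220d6243998f2fc56343ad7ed0342ab7886a4eb18d736f1b67d44b37fcc81e0f39f'
const PAGE_CID = 'bafzbeigweq4zr4x4ky2dvv7nanbkw6egutvrrvzw6g3h2rftp7gidyhtt4'
console.log(toCidString(parsePeerId(PAGE_HEX)) === PAGE_CID)
```

Pass idMatchesPubKey the bytes returned by marshalPubKey(); a mismatch means the key does not belong to the ID being claimed.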

toJSON()
Returns an obj of the form
obj.id: String - The multihash encoded in base58
obj.pubKey: String - The public key in protobuf format, encoded in 'base64'
obj.privKey: String - The private key in protobuf format, encoded in 'base64'

marshal(excludePrivateKey)
Returns a protocol-buffers encoded version of the id, public key and, if excludePrivateKey is not set, the private key.

marshalPubKey()
Returns a protobuf of just the public key, compatible with libp2p-crypto (unlike marshal above).
For example:
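const PeerId = require('peer-id')
const crypto = require('libp2p-crypto')

PeerId.create({ bits: 256, keyType: 'ed25519' }).then(pid => {
  // Unmarshal the public-key protobuf back into a libp2p-crypto key object
  const pk = crypto.keys.unmarshalPublicKey(pid.marshalPubKey())
  // your code here
})
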
toPrint()
Returns the Peer ID as a printable string without the Qm prefix.
Example: <peer.ID xxxxxx>

equals(id)
Returns true if the given PeerId is equal to the current instance.
id can be a PeerId or a Buffer containing the id

isEqual(id)
Deprecation Notice: Use equals, isEqual will be removed in 0.14.0.
id can be a PeerId or a Buffer containing the id

isPeerId(id)
Returns true if the given id is an instance of PeerId
id should be an instance of PeerId

MIT
FAQs
IPFS Peer Id implementation in Node.js
We found that peer-id demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.