Security News
CISA Brings KEV Data to GitHub
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
secure-upload
Advanced tools
secure-upload is a kernel module that provides uploading functionality. The final skylink of the file is computed before uploading to the kernel, which means that the user is guaranteed that the data in the skylink matches the intended upload, the portal cannot cheat here.
secure-upload does trust the portal to properly custody the file on Sia. If the portal decides to delete the file, the file may unexpectedly become unavailable on Skynet. The portal cannot however modify the data, any modifcations will be ignored.
Input:
{
module: "AQD1kFeJJhRnkgWGD-ws6V1QITQrHd2WX5pQnU78MM_o3Q",
method: "secureUpload",
data: {
filename: <string>,
fileData: <Uint8Array>,
},
}
Output:
{
skylink: <immutable skylink>,
}
Use npm run build
to build and deploy the developer version of the module.
This creates a unique seed for each machine that allows you to run tests
against a full skynet module without having to push unfinished code to prod.
Use npm run deploy
to build and deploy the production code. A password will
be requested which is required to deploy to prod.
If this is the first time you have called 'npm run deploy' for this module, you will be asked to create a password. Use a secure password! If someone can guess your password, they can deploy any code they want to your users.
We currently use a password scheme because it is more decentralized. We do not want a central server that controls the deployment process in the Skynet ecosystem. Over time, we will be able to add more sophisticated tooling such as a decentralized 2FA scheme and a decentralized code approval process which ensures code cannot be shipped to users without some process and oversight.
FAQs
skynet kernel module to securely upload files to skynet
The npm package secure-upload receives a total of 2 weekly downloads. As such, secure-upload popularity was classified as not popular.
We found that secure-upload demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
Security News
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.