Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Javascript implementation of the SSB binary field encodings spec.
The spec only has one type of nil, but JavaScript has two: null
and
undefined
. ssb-bfe will treat these two values in a way that mirrors what
JSON.stringify does:
null
field becomes an object with the
nil marker
JSON.stringify({a: null}) === '{"a": null}'
null
element becomes an array with the
nil marker
JSON.stringify([null]) === '[null]'
undefined
field will omit that field
JSON.stringify({a: undefined}) === '{}'
undefined
element becomes an array with
the nil marker
JSON.stringify([undefined]) === '[null]'
encode(input)
Takes any JavaScript primitive and returns its encoded counterpart. Is applied recursively in case the input is an object or an array. All inputs are converted to TFD Buffers, except for objects, arrays, and numbers, which remain the same.
decode(input)
Takes an encoded value (such as the output from encode
) and returns the
decoded counterparts as JavaScript primitives.
decodeTypeFormat(input, typeName, formatName)
Takes an encoded value (such as the output from encode
), a typeName
and formatName and returns the decoded counterparts as JavaScript
primitives. This is much faster than decode if you know the type.
bfeTypes
Returns the bfe.json
object that can be used to look up information
based on Type and Field. Example:
const { bfeTypes } = require('ssb-bfe')
const classic_key_size = bfeTypes[0][0].data_length
bfeNamedTypes
Returns the bfe.json
object converted to a map where the keys are
the type and format names. Example:
const { bfeNamedTypes } = require('ssb-bfe')
const FEED = bfeNamedTypes['feed']
const CLASSIC_FEED_TF = Buffer.from([FEED.code, FEED.formats['classic'].code])
toTF(typeName, formatName)
Sometimes when you're wanting to check what sort of buffer you're handling, you want to pivot on the type and format bytes.
const CLASSIC_MSG_TF = Buffer.from([1, 0]) // << Did I get the right codes?
if (buf.slice(0, 2).equals(CLASSIC_MSG_TF)) {
// ...
}
because remembering those codes is tricky, it's safer to use this convenience method:
const CLASSIC_MSG_TF = bfe.toTF('msg', 'classic')
If you remembered the type or format name wrong, you'll instantly get an error!
Given any input, these functions tell you whether the input is of the specified type (and format, if applicable). Example:
const bfe = require('ssb-bfe')
const x = bfe.encode('@6CAxOI3f+LUOVrbAl0IemqiS7ATpQvr9Mdw9LC4+Uv0=.ed25519')
bfe.isEncodedFeedClassic(x) // true
List of functions:
isEncodedFeed(input) => boolean
isEncodedFeedClassic(input) => boolean
isEncodedFeedGabbygroveV1(input) => boolean
isEncodedFeedBamboo(input) => boolean
isEncodedFeedBendybuttV1(input) => boolean
isEncodedFeedButtwooV1(input) => boolean
isEncodedMessage(input) => boolean
isEncodedMessageClassic(input) => boolean
isEncodedMessageGabbygroveV1(input) => boolean
isEncodedMessageCloaked(input) => boolean
isEncodedMessageBamboo(input) => boolean
isEncodedMessageBendybuttV1(input) => boolean
isEncodedMessageButtwooV1(input) => boolean
isEncodedBlob(input) => boolean
isEncodedBlobClassic(input) => boolean
isEncodedEncryptionKey(input) => boolean
isEncodedEncryptionKeyBox2DmDh(input) => boolean
isEncodedEncryptionKeyBox2PoboxDh(input) => boolean
isEncodedSignature(input) => boolean
isEncodedSignatureMsgEd25519(input) => boolean
isEncodedEncrypted(input) => boolean
isEncodedEncryptedBox1(input) => boolean
isEncodedEncryptedBox2(input) => boolean
isEncodedGeneric(input) => boolean
isEncodedGenericStringUTF8(input) => boolean
isEncodedGenericBoolean(input) => boolean
isEncodedGenericNil(input) => boolean
isEncodedGenericAnyBytes(input) => boolean
isEncodedIdentity(input) => boolean
isEncodedIdentityPoBox(input) => boolean
FAQs
Binary Field Encodings (BFE) for Secure Scuttlebutt (SSB)
The npm package ssb-bfe receives a total of 73 weekly downloads. As such, ssb-bfe popularity was classified as not popular.
We found that ssb-bfe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 19 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.