Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
ssb-client
Advanced tools
Scuttlebot client.
Create an rpc connection to an sbot running locally.
var ssbClient = require('ssb-client')
var ssbKeys = require('ssb-keys')
// simplest usage, connect to localhost sbot
// this will cb with an error if an sbot server is not running
ssbClient(function (err, sbot) {
// ...
})
// configuration:
var keys = ssbKeys.loadOrCreateSync('./app-private.key')
ssbClient(
keys, // optional, defaults to ~/.ssb/secret
{
host: 'localhost', // optional, defaults to localhost
port: 8008, // optional, defaults to 8008
key: keys.id, // optional, defaults to keys.id
caps: {
// random string for `appKey` in secret-handshake
shs: ''
},
// Optional muxrpc manifest. Defaults to manifest provided by server.
manifest: {}
},
function (err, sbot, config) {
// ...
}
)
Create a connection to the local ssb-server
instance, using the default keys.
Configuration and keys will be loaded from directory specified by ssb_appname
.
(by default ~/.ssb
)
The manifest will be the manifest provided by that server.
Calling this without arguments is handy for scripts, but applications should use the clearer apis.
there is a legacy api, that makes things as "easy" as possible, by loading configuration and defaults. This is useful for scripts but applications should probably use
Connect to a specific server with fixed settings. All fields are mandatory.
Connect to a client with some custom settings.
opts supports the keys:
remote
multiserver address to connect tohost, port, key
(legacy) if remote is not set, assemble address from host, port, key.manifest
use a custom manifest.If you need custom options, it's recommended to use the createCustomClient
API
instead, but this is still provided for legacy support.
See ssb-keys. The keys look like this:
{
id: String,
public: String,
private: String,
curve: 'ed25519'
}
caps.shs
is a random string passed to secret-handshake. It determines which sbot you are able to connect to. It defaults to a magic string in this repo and also in scuttlebot
var appKey = Buffer.from(opts.caps.shs, 'base64')
MIT, Copyright 2015 Paul Frazee and Dominic Tarr
FAQs
scuttlebot client
The npm package ssb-client receives a total of 46 weekly downloads. As such, ssb-client popularity was classified as not popular.
We found that ssb-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 23 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.