Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
streamr-client-protocol
Advanced tools
Readme
TypeScript implementations of Streamr Protocol messages and their serialization and deserialization. This is shared code used by other packages in this monorepo.
The package is available on npm as streamr-client-protocol
.
Every message type from both the Control Layer and the Message Layer is defined as a class and has a static create
method that takes class-specific arguments to build an instance of the latest version of the message type. The arguments for each message type are defined in the protocol documentation and in the definition of the create
method.
This example shows how to create a StreamMessage
and encapsulate it in a PublishRequest
.
const streamMessage = new StreamMessage({
messageId: new MessageID(...),
content
})
const publishRequest = new PublishRequest({
requestId: 'requestId',
streamMessage,
})
Every message type from both the Control Layer and the Message Layer has a serialize
method, which takes as argument the version to serialize to. By default, it serializes to the latest version of the message type. The serialize
methods return a string.
const streamMessage = new StreamMessage({...})
streamMessage.serialize() // to latest version
// > '[31,["streamId",0,1529549961116,"publisherId","msgChainId"],null,27,0,{"foo":"bar"},0,null]'
streamMessage.serialize(30) // to MessageLayer version 30
// > '[30,["streamId",0,1529549961116,"publisherId","msgChainId"],null,27,{"foo":"bar"},0,null]'
const subscribeRequest = new SubscribeRequest({
streamId: 'streamId',
streamPartition: 0,
sessionToken: 'sessionToken',
})
subscribeRequest.serialize() // to latest version
// > '[2,9,"requestId","streamId",0,"sessionToken"]'
subscribeRequest.serialize(1) // to ControlLayer version 1
// > '[1,9,"streamId",0,"sessionToken"]'
For deserialization, use the static deserialize
method that is present in ControlMessage
for the ControlLayer and StreamMessage
for the Message Layer. The deserialize
method accepts both strings and arrays as input.
const serializedStreamMessage = '[30,["streamId",0,1529549961116,"publisherId","msgChainId"],null,27,{"foo":"bar"},0,null]'
const streamMessage = StreamMessage.deserialize(serializedStreamMessage)
On the other hand, the Control Layer has many different message types. So we can only know that the deserialize
method will return a ControlMessage
. We can use the type
field to differentiate.
const serializedMessage = '[1,9,"streamId",0,"sessionToken"]'
const controlMessage = ControlMessage.deserialize(serializedMessage)
if (controlMessage.type === ControlMessage.TYPES.UnicastMessage) {
//treat it as a UnicastMessage
} else if (controlMessage.type === ControlMessage.TYPES.SubscribeRequest) {
//treat it as a SubscribeRequest
} else if (...) {
} else {
throw new Error(`Unknown type: ${controlMessage.type}`)
}
Publishing to NPM is automated via Github Actions. Follow the steps below to publish stable (latest
) or beta
.
git checkout master && git pull
npm version [patch|minor|major]
. Use semantic versioning
https://semver.org/. Files package.json and package-lock.json will be automatically updated, and an appropriate git commit and tag created.git push --follow-tags
npm version [prepatch|preminor|premajor] --preid=beta
. Use semantic versioning
https://semver.org/. Files package.json and package-lock.json will be automatically updated, and an appropriate git commit and tag created.git push --follow-tags
FAQs
Unknown package
We found that streamr-client-protocol demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.