Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A command line utility for sending requests to TChannel services.
(This project is no longer under active development. Check out yab instead.)
usage: tcurl <service> [--health | <method> [<body>]]
Sends one or more TChannel requests.
<service>
The name of the TChannel/Hyperbahn service to send requests to.
<method>
The name of the endpoint to send requests to or method to call.
[<body>] :jshon
The Thrift or JSON argument in SHON or JSON format.
[--headers <head>] :jshon
The application headers as SHON or JSON arguments.
[-p|--peer <peer>...]
The peer or peers to connect.
[-P|--peerlist <path>]
The path to a file containing a JSON list of peers.
The -H and --hostlist flags are deprecated.
[-r|--raw]
Use the raw argument scheme.
[--http <method>]
Use the HTTP argument scheme with given method.
[-j|--json]
Use the JSON argument scheme.
The -J flag is deprecated.
[-t|--thrift <thrift>]
Where to find Thrift IDL files.
[--no-strict]
Disable strict Thrift parsing.
[--cn|--caller <cn>]
Fake an alternate caller service name.
tcurl is the default.
[--sk|--shard-key <sk>]
Ringpop shard key
The --shardKey flag is deprecated.
[--rd|--routing-delegate <rd>]
Forward to the given service for application-specific routing.
[--timeout <ms>]
Timeout in milliseconds
[--requests <count>]
Number of requests to make
[--rate <rate>]
Request rate in requests per second
[--delay <ms>]
Delay between requests in milliseconds
[--time <ms>]
Benchmark duration in milliseconds
[--health]*
Hit the health endpoint for the service
[-h]* short help
[--help]* man page
[-v|--version]* print version
The [-3|--arg3|--body <body>] argument is deprecated
in favor of passing <body> as JSON or SHON as a positional argument.
The [-2|--arg2|--head <head>] argument is deprecated
in favor of the --headers <headers> argument with JSON or SHON.
Click here for full usage docs.
npm install tcurl
For the purposes of these examples, let's assume that you have a TChannel
server listening on localhost:1234
. The server registers handlers for the
thrift interface saved as services/chamber.thrift
and defined as:
struct EchoRequest {
1: required string input;
}
service Chamber {
string echo(
1: required EchoRequest request;
)
}
You could use TCurl to query this service by running:
tcurl -p localhost:1234 chamber Chamber::echo -t ./services -3 '{"request": {"input": "foo"}}'
localhost
caveatFor TChannel and Hyperbahn to work together effectively, most tchannel services need to listen on the external IP of the host they are running on.
This means when you use 127.0.0.1
you cannot reach the service with tcurl as it's not listening on
loopback.
To make supporting external IPs easier we've made localhost
resolve to the external IP of the machine.
This means if your listening on loopback you have to use 127.0.0.1
and not localhost
TCurl can be configured with default parameters using a either /etc/tcurlrc or a .tcurlrc in the current working directory or any of its parent directories. The rc file may be in INI or JSON format.
{
"hostlist": "/etc/ringpop/hosts.json"
}
npm run add-licence
This will add the licence headers.npm run cover
This runs the tests with code coveragenpm run lint
This will run the linter on your codenpm test
This will run the tests.npm run trace
This will run your tests in tracing mode.npm run travis
This is run by travis.CI to run your testsnpm run view-cover
This will show code coverage in a browserFAQs
A command line utility to talk to a tchannel server
The npm package tcurl receives a total of 21 weekly downloads. As such, tcurl popularity was classified as not popular.
We found that tcurl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.