Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
uport-registry
Advanced tools
The registry has been deployed at the following locations:
0xa9be82e93628abaac5ab557a9b3b02f711c0151c
0x022f41a91cb30d6a20ffcfde3f84be6c1fa70d60
The uPort registry library lets you set the attributes of a uPort identity. The attributes needs to be in a JSON format. Right now we are focusing on
but we intend to support the full Schema.org Person schema. The Full Name and Profile Picture is stored in IPFS as a JSON structure that corresponds to the schema.org schema:
{
"@context": "http://schema.org/",
"@type": "Person",
"name": "Christian Lundkvist",
"image": [{"@type": "ImageObject",
"name": "avatar",
"contentUrl" : "/ipfs/QmUSBKeGYPmeHmLDAEHknAm5mFEvPhy2ekJc6sJwtrQ6nk"}]
}
and an IPFS hash of this structure is stored in the contract as a bytes
structure.
The uPort Registry Library allows you to set attributes of and/or view attributes of uPort identities in your Dapp. You need to set a web3 provider using uPortRegistry.setWeb3Provider
in order to access the Ethereum contracts, and you need to set an Ipfs provider using uPortRegistry.setIpfsProvider
to access data stored in IPFS.
Remember to have a local IPFS node and Ethereum node running.
npm run test
To use the library, first include it in your project:
Node
var uportRegistry = require("uport-registry");
Then, setup your uportRegistry
object using the code
below. IMPORTANT: if you are using this module for the browser, you
should configure you uportRegistry
object differently (see code
below for Browser).
var ipfsApi = require('ipfs-api');
var web3 = require('web3');
uportRegistry.setIpfsProvider(ipfsApi(<hostname>, <port>));
uportRegistry.setWeb3Provider(new web3.providers.HttpProvider('http://localhost:8545'));
Browser
<!-- uportRegistry library. -->
<script type="text/javascript" src="./dist/uportregistry.js"></script>
Configure your uportRegistry object using the code below. IMPORTANT: This code is only valid if you will use it on Browsers (see above).
uportRegistry.setIpfsProvider({host: <hostname>, port: <port>});
uportRegistry.setWeb3Provider(new web3.providers.HttpProvider('http://localhost:8545'));
var registryAddress = '0xbf014c4d7697cd83c9451a93648773cf510dc766'
var attributes =
{
"@context": "http://schema.org",
"@type": "Person",
"name": "Christian Lundkvist",
"image": [{"@type": "ImageObject",
"name": "avatar",
"contentUrl" : "/ipfs/QmUSBKeGYPmeHmLDAEHknAm5mFEvPhy2ekJc6sJwtrQ6nk"}]
}
uPortRegistry.setAttributes(registryAddress,
attributes,
{from: myAddr}
).then(function ()
{console.log('Attributes set.')})
If you have an address of the current uPort identity, you can get their associated attributes using the command uPortRegistry.getAttributes()
. This command looks up the attributes and returns a JSON structure.
var registryAddress = '0xbf014c4d7697cd83c9451a93648773cf510dc766'
var uportId = '0xdb24b49d8f7e47d30498ee2a846375c3ba771d3e'
uPortRegistry.getAttributes(registryAddress,
uportId
).then(function (attributes)
{console.log(attributes)})
FAQs
uPort Registry contracts and JS middleware
The npm package uport-registry receives a total of 632 weekly downloads. As such, uport-registry popularity was classified as not popular.
We found that uport-registry demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.