Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
uport-registry
Advanced tools
The registry has been deployed at the following locations:
0xb9C1598e24650437a3055F7f66AC1820c419a679
0x022f41a91cb30d6a20ffcfde3f84be6c1fa70d60
The uPort registry library lets you set the attributes of a uPort identity. The attributes needs to be in a JSON format. Right now we are focusing on
but we intend to support the full Schema.org Person schema. The Full Name and Profile Picture is stored in IPFS as a JSON structure that corresponds to the schema.org schema:
{
"@context": "http://schema.org/",
"@type": "Person",
"name": "Christian Lundkvist",
"image": [{"@type": "ImageObject",
"name": "avatar",
"contentUrl" : "/ipfs/QmUSBKeGYPmeHmLDAEHknAm5mFEvPhy2ekJc6sJwtrQ6nk"}]
}
and an IPFS hash of this structure is stored in the contract as a bytes
structure.
The uPort Registry Library allows you to set attributes of and/or view attributes of uPort identities in your Dapp.
npm run test
To use the library, first include it in your project:
var UportRegistry = require("uport-registry");
var registry = new UportRegistry()
It defaults to the Infura IPFS server but you can easily set it to a local server or use another client library using setIpfsProvider
You can change the ipfs connection details by passing a configuration object containing a
var registry = new UportRegistry({
ipfs: { host: '127.0.0.1', port: 5001 }
});
We also support a full ipfs-js-api compliant client:
const ipfsApi = require('ipfs-api');
var registry = new UportRegistry({
ipfs: ipfsAPI('localhost', '5001', {protocol: 'http'})
});
By default it connects to Infura's ropsten network. But you can change it by passing in your own web3 provider.
var Web3 = require('web3');
var registry = new UportRegistry({
web3prov: new Web3.providers.HttpProvider('https://ropsten.infura.io/uport-registry')
});
By default it uses the ropsten uport registry at 0xb9C1598e24650437a3055F7f66AC1820c419a679
. You can change this using the registryAddress setting.
var Web3 = require('web3');
var registry = new UportRegistry({
web3prov: new Web3.providers.HttpProvider('https://mainnet.infura.io/uport-registry'),
registryAddress: '0x022f41a91cb30d6a20ffcfde3f84be6c1fa70d60'
});
var attributes =
{
"@context": "http://schema.org",
"@type": "Person",
"name": "Christian Lundkvist",
"image": [{"@type": "ImageObject",
"name": "avatar",
"contentUrl" : "/ipfs/QmUSBKeGYPmeHmLDAEHknAm5mFEvPhy2ekJc6sJwtrQ6nk"}]
}
registry.setAttributes( attributes,
{from: myAddr}
).then(function ()
{console.log('Attributes set.')})
If you have an address of the current uPort identity, you can get their associated attributes using the command uPortRegistry.getAttributes()
. This command looks up the attributes and returns a JSON structure.
var registryAddress = '0xb9C1598e24650437a3055F7f66AC1820c419a679'
var uportId = '0xdb24b49d8f7e47d30498ee2a846375c3ba771d3e'
registry.getAttributes(uportId).then(function (attributes)
{console.log(attributes)})
FAQs
uPort Registry contracts and JS middleware
The npm package uport-registry receives a total of 632 weekly downloads. As such, uport-registry popularity was classified as not popular.
We found that uport-registry demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.