Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The JavaScript API client for TODO: Add web url
Install the package using npm
npm install w3name
import * as Name from 'w3name'
const name = await Name.create()
console.log('Name:', name.toString())
// e.g. k51qzi5uqu5di9agapykyjh3tqrf7i14a7fjq46oo0f6dxiimj62knq13059lt
// The value to publish
const value = '/ipfs/bafkreiem4twkqzsq2aj4shbycd4yvoj2cx72vezicletlhi7dijjciqpui'
const revision = await Name.v0(name, value)
await Name.publish(revision, name.key)
⚠️ Note: revisions live for 1 year after creation by default.
import * as Name from 'w3name'
const name = Name.parse('k51qzi5uqu5di9agapykyjh3tqrf7i14a7fjq46oo0f6dxiimj62knq13059lt')
const revision = await Name.resolve(name)
console.log('Resolved value:', revision.value)
// e.g. /ipfs/bafkreiem4twkqzsq2aj4shbycd4yvoj2cx72vezicletlhi7dijjciqpui
Updating records involves creating a new revision from the previous one.
import * as Name from 'w3name'
const name = await Name.create()
const value = '/ipfs/bafkreiem4twkqzsq2aj4shbycd4yvoj2cx72vezicletlhi7dijjciqpui'
const revision = await Name.v0(name, value)
await Name.publish(revision, name.key)
// ...later
const nextValue = '/ipfs/bafybeiauyddeo2axgargy56kwxirquxaxso3nobtjtjvoqu552oqciudrm'
// Make a revision to the current record (increments sequence number and sets value)
const nextRevision = await Name.increment(revision, nextValue)
await Name.publish(nextRevision, name.key)
The private key used to sign IPNS records should be saved if a revision needs to be created in the future.
import * as Name from 'w3name'
import fs from 'fs'
// Creates a new "writable" name with a new signing key
const name = await Name.create()
// Store the signing key to a file for use later
await fs.promises.writeFile('priv.key', name.key.bytes)
// ...later
const bytes = await fs.promises.readFile('priv.key')
const name = await Name.from(bytes)
console.log('Name:', name.toString())
// e.g. k51qzi5uqu5di9agapykyjh3tqrf7i14a7fjq46oo0f6dxiimj62knq13059lt
The current revision for a name may need to be serialized to be stored on disk or transmitted and then deserialized later. Note that revisions are not IPNS records - they carry similar data, but are not signed.
import * as Name from 'w3name'
import fs from 'fs'
const { Revision } = Name
const name = await Name.create()
const value = '/ipfs/bafkreiem4twkqzsq2aj4shbycd4yvoj2cx72vezicletlhi7dijjciqpui'
const revision = await Name.v0(name, value)
// Store the record to a file for use later
// Note: Revision.encode does NOT encode signing key data
await fs.promises.writeFile('ipns.revision', Revision.encode(rev))
// ...later
const bytes = await fs.promises.readFile('ipns.revision')
const revision = Revision.decode(bytes)
FAQs
The JavaScript API client w3name
The npm package w3name receives a total of 4,217 weekly downloads. As such, w3name popularity was classified as popular.
We found that w3name demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.