Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Communication manager for Zbay project. Uses OrbitDB, Libp2p, Tor and websockets.
Requirements:
Install dependencies:
npm install
Run entryNode.ts
ts-node entryNode.ts
With logs:
DEBUG=waggle:* ts-node entryNode.ts
By default each run will create new onion address and new peerId. If you want to keep them persistent, set env variables:
PEERID_FILE=myPeerId.json
HIDDEN_SERVICE_SECRET=<myHiddenTorServiceSecret>
PEERID_FILE must point to .json file with peer data (see entryNodePeerId.json). Peer data can be obtained by:
import PeerId from 'peer-id'
const peerId = await PeerId.create()
peerId.toJSON()
HIDDEN_SERVICE_SECRET can be retrieved from Tor.createNewHiddenService.
If you don't want to connect to our entry node, set also BOOTSTRAP_ADDRS env variable. It's a multiaddrs of one of your local nodes:
BOOTSTRAP_ADDRS=/dns4/<yourBootstrapNodeOnionAddress>/tcp/<yourBootstrapNodePort>/ws/p2p/<yourBootstrapNodePeerId>
docker-compose helps to create a local network of nodes (waggles). This is purely for testing purposes. By default it creates 3 services, one of them being the entry node and the rest regular nodes.
docker-compose build
docker-compose up // Run default - 3 peers
docker-compose up --scale peer=3 // Run with scaled number of regular peers
Currently there is no db data in this network - to be added.
// TODO
[4.3.7]
FAQs
tlg-manager
The npm package waggle receives a total of 21 weekly downloads. As such, waggle popularity was classified as not popular.
We found that waggle demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.