Installations
npm install @libp2p/peer-store
Score
88.3
Supply Chain
87.1
Quality
98.9
Maintenance
100
Vulnerability
80.1
License
Releases
webrtc: v5.0.19
Published on 19 Nov 2024
circuit-relay-v2: v3.1.3
Published on 19 Nov 2024
mplex: v11.0.13
Published on 19 Nov 2024
floodsub: v10.1.11
Published on 19 Nov 2024
perf: v4.0.13
Published on 19 Nov 2024
pnet: v2.0.13
Published on 19 Nov 2024
Developer
Developer Guide
Module System
ESM
Min. Node Version
Typescript Support
Yes
Node Version
22.11.0
NPM Version
10.9.0
Statistics
2,342 Stars
6,537 Commits
446 Forks
70 Watching
52 Branches
221 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (99.04%)
JavaScript (0.83%)
Go (0.08%)
Makefile (0.04%)
Dockerfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
1,336,999
Last day
7.9%
2,322
Compared to previous day
Last week
11.7%
15,724
Compared to previous week
Last month
-2.3%
68,928
Compared to previous month
Last year
50.6%
732,901
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
The JavaScript implementation of the libp2p Networking Stack
[!NOTE] Are you tring to upgrade libp2p to the latest version? Check out the migration guides for any changes you need to make.
Project status
This project has been used in production for years in Ethereum, IPFS, and more. It is actively maintained by multiple organizations and continues to be improved! The API might change, but we strictly follow semver.
The documentation in the main branch may contain changes from a pre-release.
If you are looking for the documentation of the latest release, you can view the latest release on npm, or select the tag in github that matches the version you are looking for.
[!TIP] Just tring to figure out what this is all about? Check our GETTING_STARTED.md guide and examples.
Background
libp2p is the product of a long and arduous quest to understand the evolution of the Internet networking stack. In order to build P2P applications, devs have long had to make custom ad-hoc solutions to fit their needs, sometimes making some hard assumptions about their runtimes and the state of the network at the time of their development. Today, looking back more than 20 years, we see a clear pattern in the types of mechanisms built around the Internet Protocol, IP, which can be found throughout many layers of the OSI layer system, libp2p distils these mechanisms into flat categories and defines clear interfaces that once exposed, enable other protocols and applications to use and swap them, enabling upgradability and adaptability for the runtime, without breaking the API.
We are in the process of writing better documentation, blog posts, tutorials and a formal specification. Today you can find:
- libp2p.io
- docs.libp2p.io
- Specification (WIP)
- Discussion Forums
- Talks
- Articles
To sum up, libp2p is a "network stack" -- a protocol suite -- that cleanly separates concerns, and enables sophisticated applications to only use the protocols they absolutely need, without giving up interoperability and upgradeability. libp2p grew out of IPFS, but it is built so that lots of people can use it, for lots of different projects.
Roadmap
The js-libp2p roadmap can be found here: https://github.com/libp2p/js-libp2p/blob/main/ROADMAP.md
It represents current projects the js-libp2p maintainers are focused on and provides an estimation of completion targets.
Install
1npm install libp2p
Usage
Configuration
For all the information on how you can configure libp2p see CONFIGURATION.md.
Limits
For help configuring your node to resist malicious network peers, see LIMITS.md
Getting started
If you are starting your journey with js-libp2p
, read the GETTING_STARTED.md guide.
Tutorials and Examples
You can find multiple examples on the examples repo that will guide you through using libp2p for several scenarios.
Structure
/doc
Docs for libp2p/interop
Multidimension Interop Test/packages/crypto
Crypto primitives for libp2p/packages/interface
The interface implemented by a libp2p node/packages/interface-compliance-tests
Compliance tests for JS libp2p interfaces/packages/interface-internal
Interfaces implemented by internal libp2p components/packages/kad-dht
JavaScript implementation of the Kad-DHT for libp2p/packages/keychain
Key management and cryptographically protected messages/packages/libp2p
JavaScript implementation of libp2p, a modular peer to peer network stack/packages/logger
A logging component for use in js-libp2p modules/packages/metrics-prometheus
Collect libp2p metrics for scraping by Prometheus or Graphana/packages/multistream-select
JavaScript implementation of multistream-select/packages/peer-collections
Stores values against a peer id/packages/peer-discovery-bootstrap
Peer discovery via a list of bootstrap peers/packages/peer-discovery-mdns
Node.js libp2p mDNS discovery implementation for peer discovery/packages/peer-id
Implementation of @libp2p/interface-peer-id/packages/peer-record
Used to transfer signed peer data across the network/packages/peer-store
Stores information about peers libp2p knows on the network/packages/protocol-echo
Implementation of an Echo protocol/packages/protocol-perf
Implementation of the Perf protocol/packages/pubsub
libp2p pubsub base class/packages/pubsub-floodsub
libp2p-floodsub, also known as pubsub-flood or just dumbsub, this implementation of pubsub focused on delivering an API for Publish/Subscribe, but with no CastTree Forming (it just floods the network)./packages/record
libp2p record implementation/packages/stream-multiplexer-mplex
JavaScript implementation of https://github.com/libp2p/mplex/packages/transport-tcp
A TCP transport for libp2p/packages/transport-webrtc
A libp2p transport using WebRTC connections/packages/transport-websockets
JavaScript implementation of the WebSockets module that libp2p uses and that implements the interface-transport spec/packages/transport-webtransport
JavaScript implementation of the WebTransport module that libp2p uses and that implements the interface-transport spec/packages/utils
Package to aggregate shared logic and dependencies for the libp2p ecosystem
Development
Clone and install dependencies:
1> git clone https://github.com/libp2p/js-libp2p.git 2> cd js-libp2p 3> npm install 4> npm run build
Tests
Run unit tests
1# run all the unit tsts 2> npm test 3 4# run just Node.js tests 5> npm run test:node 6 7# run just Browser tests (Chrome) 8> npm run test:chrome
Packages
List of packages currently in existence for libp2p
This table is generated using the module
package-table
withpackage-table --data=package-list.json
.
Package | Version | Deps | CI | Coverage |
---|---|---|---|---|
libp2p | ||||
libp2p | ||||
@libp2p/interface | ||||
transports | ||||
@libp2p/tcp | ||||
@libp2p/webrtc | ||||
@libp2p/websockets | ||||
@libp2p/webtransport | ||||
secure channels | ||||
@chainsafe/libp2p-noise | ||||
@libp2p/plaintext | ||||
stream multiplexers | ||||
@chainsafe/libp2p-yamux | ||||
peer discovery | ||||
@libp2p/bootstrap | ||||
@libp2p/kad-dht | ||||
@libp2p/mdns | ||||
@chainsafe/discv5 | ||||
content routing | ||||
@libp2p/http-v1-content-routing | ||||
@libp2p/delegated-content-routing | ||||
@libp2p/kad-dht | ||||
peer routing | ||||
@libp2p/delegated-peer-routing | ||||
@libp2p/kad-dht | ||||
utilities | ||||
@libp2p/crypto | ||||
data types | ||||
@libp2p/peer-id | ||||
@libp2p/peer-record | ||||
pubsub | ||||
@ChainSafe/libp2p-gossipsub | ||||
@libp2p/floodsub |
Used by
And many others...
Contribute
See CONTRIBUTING.md.
API Docs
License
Licensed under either of
- Apache 2.0, (LICENSE-APACHE / http://www.apache.org/licenses/LICENSE-2.0)
- MIT (LICENSE-MIT / http://opensource.org/licenses/MIT)
No vulnerabilities found.
Reason
30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE-APACHE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE-APACHE:0
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/examples.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/examples.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: containerImage not pinned by hash: interop/BrowserDockerfile:1: pin your Docker image by updating mcr.microsoft.com/playwright to mcr.microsoft.com/playwright@sha256:02810c978d5396bf382ab6015c25ad6bed9e39f4a41c5b9c829e9fea439274e2
- Warn: containerImage not pinned by hash: interop/Dockerfile:3: pin your Docker image by updating node:lts to node:lts@sha256:5c76d05034644fa8ecc9c2aa84e0a83cd981d0ef13af5455b87b9adf5b216561
- Warn: npmCommand not pinned by hash: interop/BrowserDockerfile:12
- Warn: npmCommand not pinned by hash: interop/Dockerfile:14
- Info: 0 out of 31 GitHub-owned GitHubAction dependencies pinned
- Info: 8 out of 26 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
Found 3/27 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/main.yml:255
- Warn: no topLevel permission defined: .github/workflows/automerge.yml:1
- Warn: no topLevel permission defined: .github/workflows/examples.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pull-request.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Score
5.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More