Gathering detailed insights and metrics for libp2p
Installations
npm install libp2pDeveloper Guide
BETA
Typescript
Yes
Module System
ESM, UMD
Node Version
22.11.0
NPM Version
10.9.2
Score
89.3
Supply Chain
98.9
Quality
96.4
Maintenance
100
Vulnerability
91.1
License
Releases
2,221
websockets: v9.1.1
websockets-v9.1.1
Published on 07 Jan 2025
upnp-nat: v3.0.3
upnp-nat-v3.0.3
Published on 13 Dec 2024
config: v1.0.0
config-v1.0.0
Published on 13 Dec 2024
webtransport: v5.0.21
webtransport-v5.0.21
Published on 12 Dec 2024
webrtc: v5.0.22
webrtc-v5.0.22
Published on 12 Dec 2024
circuit-relay-v2: v3.1.6
circuit-relay-v2-v3.1.6
Published on 12 Dec 2024
Contributors
222
Languages
5
TypeScript
JavaScript
Go
Makefile
Dockerfile
TypeScript (99.07%)
JavaScript (0.8%)
Go (0.08%)
Makefile (0.04%)
Dockerfile (0.01%)
Developer
Download Statistics
Total Downloads
3,848,219
Last Day
1,762
Last Week
13,706
Last Month
108,619
Last Year
970,713
GitHub Statistics
2,372 Stars
6,574 Commits
453 Forks
69 Watching
53 Branches
222 Contributors
Maintainers
2
Package Meta Information
Latest Version
2.4.2
Package Id
libp2p@2.4.2
Unpacked Size
949.62 kB
Size
221.29 kB
File Count
159
NPM Version
10.9.2
Node Version
22.11.0
Publised On
12 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
3,848,219
Last day
-1.1%
1,762
Compared to previous day
Last week
-48.6%
13,706
Compared to previous week
Last month
50.5%
108,619
Compared to previous month
Last year
15.6%
970,713
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
28
@chainsafe/is-ip@chainsafe/netmask@libp2p/crypto@libp2p/interface@libp2p/interface-internal@libp2p/logger@libp2p/multistream-select@libp2p/peer-collections@libp2p/peer-id@libp2p/peer-store@libp2p/utils@multiformats/dns@multiformats/multiaddr@multiformats/multiaddr-matcherany-signaldatastore-coreinterface-datastoreit-byte-streamit-mergeit-parallelmerge-optionsmultiformatsp-deferp-retryprogress-eventsrace-eventrace-signaluint8arrays
Versions
The JavaScript implementation of the libp2p Networking Stack
Background
libp2p is the product of a long and arduous quest to understand the evolution of the Internet networking stack. In order to build P2P applications, devs have long had to make custom ad-hoc solutions to fit their needs, sometimes making some hard assumptions about their runtimes and the state of the network at the time of their development. Today, looking back more than 20 years, we see a clear pattern in the types of mechanisms built around the Internet Protocol, IP, which can be found throughout many layers of the OSI layer system, libp2p distils these mechanisms into flat categories and defines clear interfaces that once exposed, enable other protocols and applications to use and swap them, enabling upgradability and adaptability for the runtime, without breaking the API.
We are in the process of writing better documentation, blog posts, tutorials and a formal specification. Today you can find:
- libp2p.io
- docs.libp2p.io
- Specification (WIP)
- Discussion Forums
- Talks
- Articles
To sum up, libp2p is a "network stack" -- a protocol suite -- that cleanly separates concerns, and enables sophisticated applications to only use the protocols they absolutely need, without giving up interoperability and upgradeability. libp2p grew out of IPFS, but it is built so that lots of people can use it, for lots of different projects.
Roadmap
The js-libp2p roadmap can be found here: https://github.com/libp2p/js-libp2p/blob/main/ROADMAP.md
It represents current projects the js-libp2p maintainers are focused on and provides an estimation of completion targets.
Usage
Configuration
For all the information on how you can configure libp2p see CONFIGURATION.md.
Limits
For help configuring your node to resist malicious network peers, see LIMITS.md
Getting started
If you are starting your journey with js-libp2p, read the GETTING_STARTED.md guide.
Tutorials and Examples
You can find multiple examples on the examples repo that will guide you through using libp2p for several scenarios.
Development
Clone and install dependencies:
1> git clone https://github.com/libp2p/js-libp2p.git 2> cd js-libp2p 3> npm install 4> npm run build
Tests
Run unit tests
1# run all the unit tsts 2> npm test 3 4# run just Node.js tests 5> npm run test:node 6 7# run just Browser tests (Chrome) 8> npm run test:chrome
Packages
List of packages currently in existence for libp2p
This table is generated using the module
package-tablewithpackage-table --data=package-list.json.
| Package | Version | Deps | CI | Coverage |
|---|---|---|---|---|
| libp2p | ||||
libp2p |  |  |  |  |
@libp2p/interface |  |  |  |  |
| transports | ||||
@libp2p/tcp |  |  |  |  |
@libp2p/webrtc |  |  |  |  |
@libp2p/websockets |  |  |  |  |
@libp2p/webtransport |  |  |  |  |
| secure channels | ||||
@chainsafe/libp2p-noise |  |  |  |  |
@libp2p/plaintext |  |  |  |  |
| stream multiplexers | ||||
@libp2p/mplex |  |  |  |  |
@chainsafe/libp2p-yamux |  |  |  |  |
| peer discovery | ||||
@libp2p/bootstrap |  |  |  |  |
@libp2p/kad-dht |  |  |  |  |
@libp2p/mdns |  |  |  |  |
@chainsafe/discv5 |  |  |  |  |
| content routing | ||||
@libp2p/http-v1-content-routing |  |  |  |  |
@libp2p/delegated-content-routing |  |  |  |  |
@libp2p/kad-dht | | | | |
| peer routing | ||||
@libp2p/delegated-peer-routing |  |  |  |  |
@libp2p/kad-dht | | | | |
| utilities | ||||
@libp2p/crypto |  |  |  |  |
| data types | ||||
@libp2p/peer-id |  |  |  |  |
@libp2p/peer-record |  |  |  |  |
| pubsub | ||||
@ChainSafe/libp2p-gossipsub |  |  |  |  |
@libp2p/floodsub |  |  |  |  |
Used by
And many others...
Contribute
The libp2p implementation in JavaScript is a work in progress. As such, there are a few things you can do right now to help out:
- Go through the modules and check out existing issues. This would be especially useful for modules in active development. Some knowledge of IPFS/libp2p may be required, as well as the infrastructure behind it - for instance, you may need to read up on p2p and more complex operations like muxing to be able to help technically.
- Perform code reviews. Most of this has been developed by @diasdavid, which means that more eyes will help a) speed the project along b) ensure quality and c) reduce possible future bugs.
- Add tests. There can never be enough tests.
API Docs
License
Licensed under either of
- Apache 2.0, (LICENSE-APACHE / http://www.apache.org/licenses/LICENSE-2.0)
- MIT (LICENSE-MIT / http://opensource.org/licenses/MIT)
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Stable Version
Stable Version
2.4.2
HIGH
1
HIGH
7.5/10
Summary
libp2p DoS vulnerability from lack of resource management
Affected Versions
< 0.38.0
Patched Versions
0.38.0
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE-APACHE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE-APACHE:0
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/examples.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/examples.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
- Warn: containerImage not pinned by hash: interop/BrowserDockerfile:1: pin your Docker image by updating mcr.microsoft.com/playwright to mcr.microsoft.com/playwright@sha256:02810c978d5396bf382ab6015c25ad6bed9e39f4a41c5b9c829e9fea439274e2
- Warn: containerImage not pinned by hash: interop/Dockerfile:3: pin your Docker image by updating node:lts to node:lts@sha256:0e910f435308c36ea60b4cfd7b80208044d77a074d16b768a81901ce938a62dc
- Warn: npmCommand not pinned by hash: interop/BrowserDockerfile:12
- Warn: npmCommand not pinned by hash: interop/Dockerfile:14
- Info: 0 out of 31 GitHub-owned GitHubAction dependencies pinned
- Info: 8 out of 26 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
Reason
Found 3/29 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/main.yml:255
- Warn: no topLevel permission defined: .github/workflows/automerge.yml:1
- Warn: no topLevel permission defined: .github/workflows/examples.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pull-request.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Score
5.2
/10
Last Scanned on 2024-12-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More