npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

qxbot

v1.1.2

Published

> End-to-end encrypted communication system for MQTT

Downloads

63

Readme

QX

End-to-end encrypted communication system for MQTT

QX is a secure, end-to-end encrypted communication system leveraging MQTT for real-time data exchange. Designed with privacy in mind, QX ensures that your communications remain confidential and protected from unauthorized access - even on public brokers.

Features

  • End-to-End Encryption: All messages are encrypted using robust cryptographic protocols to ensure privacy.
  • MQTT Integration: Utilizes public MQTT brokers for efficient message dissemination.
  • Real-Time Communication: Instant message delivery with support for online/offline status.
  • Discovery Mechanism: Easily discover and connect with peers.
  • Heartbeat Mechanism: Maintains active connections and detects offline peers.
  • Replay Protection: Prevents replay attacks to enhance security.

Prerequisites

  • Node.js: Ensure you have Node.js installed (v18+ recommended).
  • MQTT Broker: You need access to an MQTT broker. You can use a public broker or set up a local one (see section below).

Installation

npm install qx

Usage

const { Bot } = require("qx");

const bot = new Bot();

bot.on("connect", () => {
  console.log("Bot connected to MQTT broker");
});

bot.on("message", (data) => {
  console.log(`Received message from ${data.from}:`, data.json);
});

bot.start();

// Sending a message
bot
  .send("recipientId", { text: "Hello!" })
  .then(() => console.log("Message sent"))
  .catch((err) => console.error("Send failed:", err));

Configuration

QX can be configured using environment variables or by passing options during initialization. Below are the primary configuration options:

Environment Variables

  • MQTT_HOST: The MQTT broker URL (default: mqtt://localhost:1883)
  • VERBOSE: Enable verbose logging (true or false) (default: false)

Events

QX provides several events to handle different stages of communication:

| Event | Description | Arguments | | ----------- | ----------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | | connect | Emitted when the bot successfully connects to the MQTT broker. | None | | error | Emitted when there is an error during connection, subscription, or messaging. | error: Error object or message. | | offline | Emitted when a registered bot/client is detected to be offline. | data: { hash } - The hash of the offline bot/client. | | online | Emitted when a bot/client becomes online. | data: { hash } - The hash of the online bot/client. | | message | Emitted when a new verified message is received. | data: { from, message, id } - Details about the sender, message content, and message ID. | | ping | Emitted when a ping message is received. | data: { from } - The hash of the sender. | | sent | Emitted when a receipt for a sent message is received. | id: The unique ID of the message that was acknowledged. | | replay | Emitted when a replay attack is detected. | message: Log message indicating the replay detection. | | unknown | Emitted when a message is received from an unregistered bot/client. | data: { from } - The hash of the unknown sender. | | discovery | Emitted when a valid discovery message is received. | data: { id, hash, data } - Information about the discovered bot/client and additional data. | | close | Emitted when the MQTT connection is closed. | None |

API Reference

Bot Methods

  • start(): Connect the bot to the MQTT broker and start listening for messages.
  • stop(): Disconnect the bot from the MQTT broker and clear all intervals.
  • send(to, message): Send a message to a peer. Returns a promise that resolves when the message is acknowledged.
  • sendSync(to, message): Send a message without waiting for an acknowledgment.
  • introduce(to, options): Introduce the bot to another peer with optional metadata.
  • ping(to): Send a ping message to keep the connection active.

Security

QX uses TweetNaCl to provide both encryption and authentication, ensuring that messages are confidential, integrity-protected, and authenticated. This means:

  • Confidentiality: Only the intended recipient can decrypt and read the message.
  • Integrity: The message cannot be tampered with without detection.
  • Authentication: The recipient can verify that the message genuinely originates from the sender.

Note: this library does not currently support non-repudiation, meaning that there is no mechanism to prevent the sender from denying that they sent a message. This was an intentional design decision.

Replay protection

To prevent replay attacks, QX implements a replay protection mechanism. Each message includes a counter that ensures messages are processed in the correct order and are not duplicated. If a message with a counter value lower than or equal to the last received message from a sender is detected, it is identified as a replay and discarded.

bot.on("replay", (message) => {
  console.warn("Replay detected:", message);
});

Setting Up a Local MQTT Broker

EMQX is a highly scalable, open-source MQTT broker. Follow the steps below to install and manage EMQX locally.

brew install emqx
emqx start
emqx stop
emqx -h

Dashboard: http://localhost:18083/