@graphprotocol/cost-model
Advanced tools
The source for the evaluation tool lives under this repo at ./agora/.
To compile and run from source:
Install Rustup
If you don't have cargo already, install it by following the instructions here: https://www.rust-lang.org/tools/install
Compile and Run
The first step in using the tool is to compile it with cargo.
cd ./agora
cargo build --release
The binary will be written to ./target/release/ (relative to the ./agora directory).
cd target/release/
./agora -h
This should print the available command-line arguments, which, at the time of this writing, look like this:
agora 0.1.0
USAGE:
agora [OPTIONS]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-c, --cost <cost> A cost model to use for costing
--globals <globals>
--grt-per-time <grt-per-time>
-l, --load-log <load-log>... Load request log file(s) supports json and tree-buf
--sample <sample> Take a sample of the request log. Unit interval [default: 1.0]
--save-log <save-log> Save the request log file. Only tree-buf is supported
Usage
The arguments to the tool are meant to be combined to instruct agora to accomplish a task. What follows are examples, not an exhaustive list:
# Load two log files (from json lines format)
# Sample the logs at 10%
# Save the result as a single tree-buf file
./agora \
--load-log ./log1.jsonl \
--load-log ./log2.jsonl \
--sample 0.1 \
--save-log ./logs.treebuf
# Load the sampled/combined file
# And evaluate the effectiveness of our pricing
./agora \
--load-log ./logs.treebuf \
--globals ./globals.json \
--grt-per-time 0.0001 \
--cost ./cost-model.agora
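An added wrapper (not part of the project) for the two-step pipeline above. It checks that the --sample fraction lies in the unit interval and that every log file exists before invoking agora, so a typo fails fast instead of producing an empty or misleading tree-buf file; the ./agora path and the function names are assumptions.

```shell
#!/bin/sh
# Wrapper around the two-stage agora pipeline from the README:
#   1) load JSON-lines logs, sample them, save as a single tree-buf file
#   2) evaluate a cost model against the saved log
# Assumes the binary was built with `cargo build --release` and copied to ./agora.

# Return 0 if $1 is a decimal in [0, 1], the unit interval --sample requires.
valid_sample() {
    printf '%s\n' "$1" | awk '
        $0 ~ /^([0-9]+\.?[0-9]*|\.[0-9]+)$/ && $0 + 0 <= 1 { ok = 1 }
        END { exit !ok }'
}

# Emit one "--load-log <file>" pair per argument; fail if any file is unreadable.
load_args() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "missing log file: $f" >&2; return 1; }
        printf '%s %s ' --load-log "$f"
    done
}

# sample_and_save <fraction> <out.treebuf> <log.jsonl>...
sample_and_save() {
    frac=$1; out=$2; shift 2
    valid_sample "$frac" || { echo "--sample must be in [0,1], got: $frac" >&2; return 1; }
    args=$(load_args "$@") || return 1
    # Word-splitting of $args is intended: it holds the --load-log pairs.
    # shellcheck disable=SC2086
    ./agora $args --sample "$frac" --save-log "$out"
}

# evaluate_cost_model <logs.treebuf> <globals.json> <grt-per-time> <model.agora>
evaluate_cost_model() {
    ./agora --load-log "$1" --globals "$2" --grt-per-time "$3" --cost "$4"
}

# Example (mirrors the README commands; runs only when invoked directly):
# sample_and_save 0.1 ./logs.treebuf ./log1.jsonl ./log2.jsonl
# evaluate_cost_model ./logs.treebuf ./globals.json 0.0001 ./cost-model.agora
```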
Cost Models
Agora uses a specialized language for defining cost models that can react to changes in query structure and parameters. See the documentation to learn about the Agora cost model language.
Copyright © 2020 The Graph Foundation.
Licensed under the MIT license.