Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
Iris-lib
Decentralize everything.
Iris is a fully decentralized p2p database that you can use to build all kinds of decentralized applications.
- "Accounts" are just key pairs that can be created at will. No signup required.
- Stores everything offline-first, and syncs with other users over a publish-subscribe network.
- Callback system for real-time updates.
- Supports public and private (encrypted) data.
- Make aggregate queries from your social network or other group. For example:
- Fetch the latest posts from your extended social network.
- Fetch the latest posts from the users on a list maintained by a moderator of your choice.
- Fetch 3d objects in a virtual room from your friends.
- Super simple API
Used by iris-messenger (source), a decentralized social networking application.
Installation
npm install iris-lib
or
yarn add iris-lib
Import:
import iris from 'iris-lib';
or include the script in your html:
<script src="https://raw.githubusercontent.com/irislib/iris-messenger/master/iris-lib/dist/iris.umd.production.min.js"></script>
Usage
Read/write public profiles:
// Subscribe to your profile name
iris.public().get('profile').get('name').on((name) => {
console.log('My name is', name);
});
// Set your profile name
iris.public().get('profile').get('name').put('John Doe');
// Subscribe to someone else's profile name
const pub = 'hyECQHwSo7fgr2MVfPyakvayPeixxsaAWVtZ-vbaiSc.TXIp8MnCtrnW6n2MrYquWPcc-DTmZzMBmc2yaGv9gIU'; // Iris public key
iris.public(pub).get('profile').get('name').on((name) => {
console.log('Someone else\'s name is', name);
});
Make a public post and get posts from everyone in your social network:
iris.session.init(); // Generate a new keypair and crawl the Iris social network using a default entry point.
iris.public().get('msgs').get(new Date().toISOString()).put({text: 'Hello world!'});
iris.group('everyone').map('msgs', (msg, from) => {
console.log('msg from', from.slice(0,6), msg);
});
Private messaging, browser 1:
const user1 = iris.session.getKey();
console.log('User 1 key:', user1);
iris.private(user2.pub).send('Hello, user 2!');
iris.private(user2.pub).getMessages(msg => {
console.log('User 1 received a message:', msg);
});
Private messaging, browser 2:
const user2 = iris.session.getKey();
console.log('User 2 key:', user2);
iris.private(user1.pub).send('Hello, user 1!');
iris.private(user1.pub).getMessages(msg => {
console.log('User 2 received a message:', msg);
});
FAQs
*Decentralize everything.*
We found that iris-lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Feb 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026