Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@0xflair/evm-contract-scaffold
Advanced tools
A Typescript Hardhat-based template to develop evm-based smart contracts with all the tooling you need.
A Typescript Hardhat-based template to develop evm-based smart contracts with all the tooling you need.
Clone this repo (or click on "Use Template" button above in Github), then update the .github/CODEOWNERS
:
git clone https://github.com/0xflair/evm-contract-scaffold my-amazing-contracts
vi my-amazing-contracts/.github/CODEOWNERS
Create a .env
file based on .env.example
and update the values.
Create your first contract in src/
.
Compile the contracts:
npm run compile
When you are ready, let's deploy the contract on the blockchain and have it verified in corresponding block scanner.
Deploy the contracts:
npm run deploy:rinkeby
Verify the contracts on Etherscan:
npm run verify:rinkeby
If you want your contract to be released as an NPM package you can:
NPM_TOKEN
in your Github repository > Settings > Secrets > Actions.main
branch then automatically you'll get a new release.Ensure your main branch is either does not require status checking, or has "bypass" exception for semantic-release-bot so that it can push new tags and releases on the Github repo.
Write your tests in test/
directory.
Execute them:
npm run test
This repository is under MIT license.
FAQs
A Typescript Hardhat-based template to develop evm-based smart contracts with all the tooling you need.
The npm package @0xflair/evm-contract-scaffold receives a total of 0 weekly downloads. As such, @0xflair/evm-contract-scaffold popularity was classified as not popular.
We found that @0xflair/evm-contract-scaffold demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.