@0xsequence/collectible-lists
This package includes a JSON schema for token lists, and TypeScript utilities for working with collectible lists.
The JSON schema represents the technical specification for a collectible list which can be used in a dApp interface, such as Opensea Interface.
Sequence Collectible Lists is a specification for lists of collectible token metadata (e.g. address, name, ...) that can be used by any dApp interface that needs one or more lists of collectibles. This specification is a fork of https://github.com/Uniswap/token-lists for tokens that comply with the ERC-721 and ERC-1155 token standards.
Anyone can create and maintain a collectible list, as long as they follow the specification.
Specifically, an instance of a token list is a JSON blob that contains a list of ERC-721 or ERC-1155 token metadata for use in dApp user interfaces.
Notes:
The JSON schema ID is https://github.com/0xsequence/collectible-lists/blob/master/src/tokenlist.schema.json.
This package does not include code for token list validation. You can easily do this by including a library such as ajv to perform the validation against the JSON schema. The schema is exported from the package for ease of use.
The best way to manually author token lists is to use an editor that supports JSON schema validation. Most popular code editors do, such as IntelliJ or VSCode. Other editors can be found here.
The schema is registered in the SchemaStore, and any file that matches the pattern *.tokenlist.json should automatically utilize the JSON schema for the supported text editors.
For your token list to be usable, it must pass all JSON schema validation.
If you want to automate token listing, e.g. by pulling from a smart contract, or other sources, you can use this npm package to take advantage of the JSON schema for validation and the TypeScript types. Otherwise, you are simply working with JSON. All the usual tools apply, e.g.:
import { CollectibleList, schema } from '@0xsequence/collectible-lists'
// generate your collectible list however you like.
const myList: CollectibleList = generateMyCollectibleList();
// use a tool like `ajv` to validate your generated token list
validateMyCollectibleList(myList, schema);
// print the resulting JSON to stdout
process.stdout.write(JSON.stringify(myList));
Lists include a version field, which follows semantic versioning.
List versions must follow the rules:
Changing a token address or chain ID is considered both a remove and an add, and should be a major version update.
Note that list versioning is used to improve the user experience, not for security: list versions are not meant to provide protection against malicious updates to a token list. The list semver is used as a lossy compression of the diff of list updates. List updates may still be diffed in the client dApp.
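Because the declared version is only a hint, a client can diff the old and new lists itself. The following added example (not code from this package) diffs two lists by chain ID and address and flags an update whose declared bump understates a removal or address change. The Version, Entry and List shapes and the sample addresses are assumptions constructed for illustration.

```typescript
// Added example, not code from @0xsequence/collectible-lists.
// Assumed minimal shapes: only the fields this check reads.
interface Version { major: number; minor: number; patch: number }
interface Entry { chainId: number; address: string; name: string }
interface List { version: Version; tokens: Entry[] }
interface Review { removed: string[]; added: string[]; declared: string; needsReview: boolean }

// An entry's identity is (chainId, address); hex addresses compare case-insensitively.
const entryKey = (t: Entry): string => `${t.chainId}:${t.address.toLowerCase()}`;

// Classify the version change the publisher declared.
function declaredBump(a: Version, b: Version): string {
  if (b.major !== a.major) return b.major > a.major ? 'major' : 'downgrade';
  if (b.minor !== a.minor) return b.minor > a.minor ? 'minor' : 'downgrade';
  if (b.patch !== a.patch) return b.patch > a.patch ? 'patch' : 'downgrade';
  return 'none';
}

// Diff the lists and compare what actually changed with what the version claims.
function reviewUpdate(oldList: List, newList: List): Review {
  const oldKeys = oldList.tokens.map(entryKey);
  const newKeys = newList.tokens.map(entryKey);
  const removed = oldKeys.filter(k => newKeys.indexOf(k) === -1);
  const added = newKeys.filter(k => oldKeys.indexOf(k) === -1);
  const declared = declaredBump(oldList.version, newList.version);
  // Rule from the text: an address or chain ID change is a remove plus an add
  // and should be a major update. Anything less understates the change.
  const understated = removed.length > 0 && declared !== 'major';
  return { removed, added, declared, needsReview: understated || declared === 'downgrade' };
}

// Constructed sample data: the second entry's address is swapped under a patch bump.
const OLD_LIST: List = {
  version: { major: 1, minor: 0, patch: 0 },
  tokens: [
    { chainId: 1, address: '0x1111111111111111111111111111111111111111', name: 'Alpha' },
    { chainId: 1, address: '0x2222222222222222222222222222222222222222', name: 'Beta' },
  ],
};
const NEW_LIST: List = {
  version: { major: 1, minor: 0, patch: 1 },
  tokens: [
    { chainId: 1, address: '0x1111111111111111111111111111111111111111', name: 'Alpha' },
    { chainId: 1, address: '0x3333333333333333333333333333333333333333', name: 'Beta' },
  ],
};
```

A dApp would surface the removed and added entries to the user, or refuse the update, whenever needsReview is true.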
Once you have authored the list, you can make it available at any URI. Prefer pinning your list to IPFS (e.g. via pinata.cloud) and referencing the list by an ENS name that resolves to the contenthash.
If hosted on HTTPS, make sure the endpoint is configured to send an access-control-allow-origin header to avoid CORS errors.
An ENS name can be assigned to an IPFS hash via the contenthash text record. This is the preferred way of referencing your list.
You can find a simple example of a token list in test/schema/example.tokenlist.json.
A snapshot of the Sequence default list encoded as a token list is found in test/schema/bigexample.tokenlist.json.
FAQs
📚 The Collectible Lists specification
The npm package @0xsequence/collectible-lists receives a total of 14 weekly downloads. As such, @0xsequence/collectible-lists popularity was classified as not popular.
We found that @0xsequence/collectible-lists demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.