Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
@api3/contracts
Advanced tools
@api3/contracts
Contracts through which API3 services are delivered
This package provides the tools to integrate data feeds that can be found at the API3 Market. The typical workflow is as follows:
- Purchase data feed subscriptions and get the respective proxy addresses at the API3 Market
- Use the proxy address computation utility function provided by this package (
computeCommunalApi3ReaderProxyV1Address()) to validate the proxy addresses being used - Use the proxy contract interfaces provided by this package in the reader contract, as demonstrated in https://github.com/api3dao/data-feed-reader-example
A more complete list of what this package includes is as follows:
- All contracts that facilitate API3 data feed services, including OEV auctions
@typechain/ethers-v6typings of these contracts- Addresses of the API3 deployments of these contracts
- Proxy address computation utility functions
Security
We have conducted 10+ audits of our contracts and their off-chain components. Below are the reports of the ones that are directly related to the contracts in this repo (or in some cases, earlier versions of them).
- 2024-10-24 Quantstamp (refer to here for the commit hash)
- 2024-02-20 Quantstamp
- 2023-12-20 Quantstamp
- 2023-03-02 Sigma Prime
- 2022-03-30 Trail of Bits
- 2021-12-16 Sigma Prime
For bug reports, contact security@api3.org
Developer instructions
Install the dependencies and build
pnpm i && pnpm build
Test the contracts, get coverage and gas reports
pnpm test
pnpm test:extended
# Outputs to `./coverage`
pnpm test:coverage
# Outputs to `gas_report`
pnpm test:gas
Verify that the vendor contracts are identical to the ones from their respective packages.
pnpm verify-vendor-contracts
Check the local files containing metadata
pnpm check
Verify the deployments and validate their current state
# on all chains
pnpm verify-deployments
# or a single chain
NETWORK=ethereum pnpm verify-deployments
# on all chains
pnpm validate-deployments
# or a single chain
NETWORK=ethereum pnpm validate-deployments
FAQs
Contracts through which API3 services are delivered
The npm package @api3/contracts receives a total of 910 weekly downloads. As such, @api3/contracts popularity was classified as not popular.
We found that @api3/contracts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 25 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025
Security News
Meet Socket at Black Hat Europe and BSides London 2025
Socket is heading to London! Stop by our booth or schedule a meeting to see what we've been working on.
By Anders Søndergaard - Nov 11, 2025