Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@avalabs/bridge-unified
Advanced tools
<img alt="Avalanche Logo" src="https://images.ctfassets.net/gcj8jwzm6086/Gse8dqDEnJtT87RsbbEf4/1609daeb09e9db4a6617d44623028356/Avalanche_Horizontal_White.svg" width="au
A package for routing tokens from Chain A to Chain B, and unifying multiple bridge tools into one.
The bridging ecosystem is complex. There are often multiple tools that can be used to bridge tokens from one chain to another, and sometimes to get a token from chain A to C you need to use multiple bridging tools and route through chain B first. This package simplifies that process by creating the Unified Bridge API, a standard interface for bridging tokens from one chain to another without having to worry about the underlying tools or the underlying intermediary chains.
These are the bridges we currently support:
bridges/cctp
folder.Future bridges we plan to support:
npm install @avalabs/bridge-unified
# or
yarn add @avalabs/bridge-unified
# or
pnpm add @avalabs/bridge-unified
import { createUnifiedBridgeService, Environment, BridgeTransfer } from '@avalabs/bridge-unified';
// create a new service for an environment
const unifiedService = createUnifiedBridgeService({
environment: Environment.TEST,
});
// init the service, fetch and setup its configs
await unifiedService.init();
// get the list of supported assets, grouped by chain IDs
const assets = await unifiedService.getAssets()
// get the bridge fee(s) of the provided transfer
const fees = await unifiedService.getFees({...})
// start a new bridge transfer and store its state
const bridgeTransfer = await unifiedService.transferAsset({...})
// create an update listener for tracking
const updateListener = (transfer: BridgeTransfer) => {
console.log(transfer)
}
// start tracking the transfer's state. whenever the state changes, it will call the provided `updateListener`
const { cancel, result } = await unifiedService.trackTransfer({bridgeTransfer, updateListener, ...})
// immediatelly stops tracking and rejects the tracker's promise
// cancel()
// wait for the transfer to finish and get its final state
const finalizedBridgeTransfer = await result
Returns a new unifiedBridgeService
for the given environment
, using all supported bridge integrations by default. Individual bridges can be turned off via the disabledBridgeTypes
array.
Type: Environment
Defines if the bridge service should use testnet
or mainnet
.
Type: BridgeType[] | undefined
Disables the integration of the provided BridgeType
s.
Contains all the required properties and methods to prepare, initiate or track a bridge transfer. Automatically picks the right (enabled) bridge integration to use based on the provided params.
{
environment, // the provided Environment during initialization
bridges, // the list of enabled bridge integrations
init,
updateConfigs,
getAssets,
getFees,
transferAsset,
trackTransfer,
}
Type: () => Promise<void>
Initializes the unified service by attempting to fetch the configurations of the enabled bridges.
Type: () => Promise<void>
Attempts to fetch the configurations of the enabled bridges.
Type: () => Promise<ChainAssetMap>
Returns the aggregated list of assets supported by the enabled bridges grouped by chain IDs.
Type: (params: FeeParams) => Promise<AssetFeeMap>
Calculates and returns the bridge fees in tokenAddress
- amount
pairs for a given bridge transfer.
Type: (params: TransferParams) => Promise<BridgeTransfer>
Starts a new bridge transfer, executing every required step in a single call.
Transactions signing is done by either the provided sourceProvider
or a custom sign
callback.
Returns a BridgeTransfer
containing all the (known) initial values such as: environment, addresses, amount, fee, transaction hash, required and actual block confirmation counts, etc.
Type: (params: TrackingParams) => ({cancel, result})
Tracks the given BridgeTransfer
's progress and invokes the provided listener callback whenever a change happens.
Type: () => void
If it's still pending, rejects the tracker's promise (result
) immediatelly and breaks its loop under the hood.
Type: Promise<BridgeTransfer>
Resolves with the finalized BridgeTransfer
(if not canceled before).
FAQs
<img alt="Avalanche Logo" src="https://images.ctfassets.net/gcj8jwzm6086/Gse8dqDEnJtT87RsbbEf4/1609daeb09e9db4a6617d44623028356/Avalanche_Horizontal_White.svg" width="au
We found that @avalabs/bridge-unified demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.