
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@bosonprotocol/instances
Advanced tools
Utility package that contains the official contract addresses and ABIs of the [Boson Protocol](https://www.bosonprotocol.io/).
Utility package that contains the official contract addresses and ABIs of the Boson Protocol.
npm install @bosonprotocol/instances
# OR
yarn add @bosonprotocol/instances
The package contains addresses and ABIs of multiple protocol versions and environments/chains.
You can directly import from a @bosonprotocol/instances/<PROTOCOL_VERSION>
module (available protocol versions are listed in the src/versions
folder) or use the top-level asynchronous get functions.
import { getContractAddresses } from "@bosonprotocol/instances/1.0.0";
import {
BosonRouterABI,
VouchersABI
} from "@bosonprotocol/instances/1.0.0/abis";
import {
getContractAddressesByVersion,
getAbiByVersion
} from "@bosonprotocol/instances";
const { getContractAddresses } = require("@bosonprotocol/instances/1.0.0");
const {
BosonRouterABI,
VouchersABI
} = require("@bosonprotocol/instances/1.0.0/abis");
const {
getContractAddressesByVersion,
getAbiByVersion
} = require("@bosonprotocol/instances");
const addressesMainnetProduction = getContractAddresses({
chainId: 1,
env: "production"
});
const addressesRopstenTesting = getContractAddresses({
chainId: 3,
env: "testing"
});
const addressesByVersion = await getContractAddressesByVersion({
chainId: 3,
env: "testing",
protocolVersion: "1.0.0"
});
Import directly from @bosonprotocol/instances/<PROTOCOL_VERSION>/abis
or use
const abi = await getAbiByVersion({
contractName: "BosonRouter",
protocolVersion: "1.0.0"
});
In order to update or add addresses and ABIs of newer protocol versions or different environments/chains, checkout this repository and follow the steps below:
npm install
If you want to update or add addresses run:
npm run update:addresses -- <SRC_FILE>
Note, that the <SRC_FILE>
should conform to the schema:
{
"chainId": "<CHAIN_ID>", // number
"env": "<ENV>", // optional string
"protocolVersion": "<PROTOCOL_VERSION>",
"<CONTRACT_NAME>": "<CONTRACT_ADDRESS>"
// ... other contract entries
}
If you run the deploy
script of the bosonprotocol/contracts
repo, then the outputted addresses file can be used as the <SRC_FILE>
:
# in the contracts repo
npx hardhat deploy --network rinkeby --env staging
# in the instances (this) repo
npm run update:addresses -- <PATH_TO_CONTRACTS_REPO>/addresses/4-staging.json
To update the ABIs you can run:
npm run update:abis -- <PROTOCOL_VERSION>
This will install the @bosonprotocol/core
package and create the respective files in the src/versions/<PROTOCOL_VERSION>/abis
folder.
Commit the changes to a new branch and create a PR. Note, that we use Conventional Commits and Semantic Release to automatically publish and version the package. Therefore, if you update addresses the commit message should look something like
fix: addresses v1.0.0 staging ropsten
If you add new addresses or ABIs the commit message should look something like
feat: addresses v1.1.0 testing ropsten
FAQs
Utility package that contains the official contract addresses and ABIs of the [Boson Protocol](https://www.bosonprotocol.io/).
We found that @bosonprotocol/instances demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.