Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@cardano-sdk/cardano-services
Advanced tools
Libraries and program entrypoints for services to facilitate remote data and submit access using Provider interfaces over HTTP; The TxSubmitHttpService can be configured to submit via Ogmios or via submit-api. Data is sourced from Cardano DB Sync, the local Cardano Node via Ogmios Local State Queries, genesis files, and remote sources.
/metrics
The services require instances of Cardano Node and Ogmios as a minimum, with Cardano DB Sync dependent on the run command. Please refer to docker-compose.json for the current supported version of each service dependency.
The Provider server can be started with one or more services by name, segmented by URL path.
Run the CLI with start-provider-server --help
to see the full list of options.
The following examples require the install and build steps to be completed.
ws://localhost:1338
.localhost:5432
start-provider-server
using CLI options:
./dist/cjs/cli.js \
start-provider-server \
--api-url http://localhost:6000 \
--cardano-node-config-path ./config/network/preprod/cardano-node/config.json \
--postgres-connection-string-db-sync postgresql://somePgUser:somePassword@localhost:5432/someDbName \
--ogmios-url ws://localhost:1338 \
asset chain-history stake-pool tx-submit network-info utxo rewards
start-provider-server
using env variables:
SERVICE_NAMES=asset,chain-history,stake-pool,tx-submit,network-info,utxo,rewards \
API_URL=http://localhost:6000 \
CARDANO_NODE_CONFIG_PATH=./config/network/preprod/cardano-node/config.json \
POSTGRES_CONNECTION_STRING_DB_SYNC=postgresql://somePgUser:somePassword@localhost:5432/someDbName \
OGMIOS_URL=ws://localhost:1338 \
./dist/cjs/cli.js start-provider-server
start-provider-server
using CLI options:
./dist/cjs/cli.js \
start-provider-server \
--api-url http://localhost:6000 \
--enable-metrics \
--cardano-node-config-path ./config/network/preprod/cardano-node/config.json \
--postgres-srv-service-name-db-sync someHostName \
--postgres-db-db-sync someDbName \
--postgres-user-db-sync somePgUser \
--postgres-password-db-sync somePassword \
--ogmios-srv-service-name some-domain-for-ogmios \
asset chain-history stake-pool tx-submit network-info utxo rewards
start-provider-server
using env variables:
SERVICE_NAMES=asset,chain-history,stake-pool,tx-submit,network-info,utxo,rewards \
API_URL=http://localhost:6000 \
ENABLE_METRICS=true \
CARDANO_NODE_CONFIG_PATH=./config/network/preprod/cardano-node/config.json \
POSTGRES_SRV_SERVICE_NAME_DB_SYNC=some-domain-for-postgres-db
POSTGRES_DB_DB_SYNC=someDbName \
POSTGRES_USER_DB_SYNC=someUser \
POSTGRES_PASSWORD_DB_SYNC=somePassword \
OGMIOS_SRV_SERVICE_NAME=some-domain-for-ogmios \
./dist/cjs/cli.js start-provider-server
start-pg-boss-worker
using CLI options:
./dist/cjs/cli.js start-pg-boss-worker --queues=pool-metadata --postgres-connection-string-stake-pool "postgresql://postgres:doNoUseThisSecret\!@localhost:5432/projection" --postgres-connection-string-db-sync "postgresql://postgres:doNoUseThisSecret\!@localhost:5432/cexplorer"
start-pg-boss-worker
using env variables:
QUEUES=pool-metadata POSTGRES_CONNECTION_STRING_STAKE_POOL=postgresql://postgres:doNoUseThisSecret\!@localhost:5432/projection POSTGRES_CONNECTION_STRING_DB_SYNC=postgresql://postgres:doNoUseThisSecret\!@localhost:5432/cexplorer ./dist/cjs/cli.js start-pg-boss-worker
start-projector
using CLI options with Ogmios and PostgreSQL running on localhost:
./dist/cjs/cli.js \
start-projector \
--ogmios-url 'ws://localhost:1339' \
--postgres-connection-string 'postgresql://postgres:doNoUseThisSecret!@localhost/projection' \
stake-pool,stake-pool-metadata-job
The Docker images produced by the SDK and the docker compose infrastructures (mainnet, preprod and local-network) it includes are ready to be used in production environment.
Note: the docker compose infrastructures included in the SDK are mainly used for development purposes: to use
them in production environments, the projector service(s) must be instructed to run the migration scripts rather than
to use the synchronize
development option from TypeORM. This can be achieved through environment variables:
SYNCHRONIZE=false yarn preprod:up
To speed up the development process, developers can ignore the migrations while developing or debugging changes.
This freedom is granted by the synchronize
development option from TypeORM, which is enabled by default in the
docker compose infrastructures included in the SDK.
In order to grant to the projection service the ability to choose which projections it needs to activate, the migrations must be scoped to a single model: if a single change has impact on more models, one migration for each impacted model must be generated.
Hint: isolating all the changes to each model in distinct commits can be so helpful for this target!
For each migration, once the change is finalized (all the new entities are added to the entities
object at
src/Projection/prepareTypeormProjection.ts
, apart from last minor refinements the PR is approved, etc...), the
relative migration can be generated following these steps.
Hint: if previous hint was followed, to checkout each commit which requires a migration to produce a fixup commit for each of them can be an easy way to iterate over all the impacted models.
DROP_PROJECTOR_SCHEMA=true SYNCHRONIZE=false yarn preprod up
PROJECTION_NAMES
since in this scope all the projections must be loadedDROP_PROJECTOR_SCHEMA=true
is used to let the projection service to create the database schema from scratchSYNCHRONIZE=false
the projection service runs all migrations rather than reflecting the changes to the
models on the schema (through the synchronize
development option from TypeORM)yarn generate-migration
to produce a new migration in
src/Projections/migrations
directory
static entity
property to the migration class
(to see other migrations for reference)class
giving them mnemonic namesmigrations
array at src/Projections/migrations/index.ts
FAQs
Cardano GraphQL Services
The npm package @cardano-sdk/cardano-services receives a total of 317 weekly downloads. As such, @cardano-sdk/cardano-services popularity was classified as not popular.
We found that @cardano-sdk/cardano-services demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.