Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@cbrazn/use-wallet
Advanced tools
[](https://www.npmjs.com/package/use-wallet) [](https://bundlephobia.com/result?p=use-wallet)
useWallet() allows dapp users to connect to the provider of their choice in a way that is as straightforward as possible. It provides a common data structure for any connected account, no matter what provider has been chosen by the user. It aims to provide some features that are often reimplemented by dapp developers: connecting to a wallet, keeping track of transactions, and more (submit a issue or PR!).
Oh yes:
Add it to your project:
yarn add use-wallet
Use it in your React app:
// App.js
import React from 'react'
import { useWallet, UseWalletProvider } from 'use-wallet'
function App() {
const wallet = useWallet()
const blockNumber = wallet.getBlockNumber()
return (
<>
<h1>Wallet</h1>
{wallet.status === 'connected' ? (
<div>
<div>Account: {wallet.account}</div>
<div>Balance: {wallet.balance}</div>
<button onClick={() => wallet.reset()}>disconnect</button>
</div>
) : (
<div>
Connect:
<button onClick={() => wallet.connect()}>MetaMask</button>
<button onClick={() => wallet.connect('frame')}>Frame</button>
<button onClick={() => wallet.connect('portis')}>Portis</button>
</div>
)}
</>
)
}
// Wrap everything in <UseWalletProvider />
export default () => (
<UseWalletProvider
chainId={1}
connectors={{
// This is how connectors get configured
portis: { dAppId: 'my-dapp-id-123-xyz' },
}}
>
<App />
</UseWalletProvider>
)
This is the provider component. It should be placed above any component using useWallet()
. Apart from children
, it accepts two other props:
The Chain ID supported by the connection. Defaults to 1.
Configuration for the different connectors. If you use a connector that requires a configuration but do not provide one, an error will be thrown.
injected
: no configuration needed.frame
: no configuration needed.fortmatic
: { apiKey }
portis
: { dAppId }
provided
: { provider }
authereum
: no configuration needed.squarelink
: { clientId, options }
walletconnect
: { rpcUrl }
walletlink
: { url, appName, appLogoUrl }
See the web3-react documentation for more details.
This is the hook to be used throughout the app.
It takes an optional object as a single param, containing the following:
pollBalanceInterval
: the interval used to poll the wallet balance. Defaults to 2000.pollBlockNumberInterval
: the interval used to poll the block number. Defaults to 5000.It returns an object representing the connected account (“wallet”), containing:
account
: the address of the account, or null
when disconnected.balance
: the balance of the account, in wei.chainId
: The specified Chain ID of the network you're connected to.connect(connectorId)
: call this function with a connector ID to “connect” to a provider (see above for the connectors provided by default).connector
: The "key" of the wallet you're connected to (e.g "metamask", "portis").connectors
: the full list of connectors.error
: contains an error object with the corresponding name and message if status
is set to error
.ethereum
: the connected Ethereum provider.getBlockNumber()
: this function returns the current block number. This is a function because the block number updates often, which could trigger as many extra renders. Making an explicit call for the block number allows users of useWallet()
to avoid extra renders when the block number is not needed.networkName
: a human-readable name corresponding to the Chain ID.reset()
: call this function to “disconnect” from the current provider. This will also clean the latest error value stored in use-wallet
's state.status
: contains the current status of the wallet connection. The possible values are:
type
: whether or not the account is a contract. Can be null
when you're disconnected, or either "contract"
or "normal"
.useWallet() is a built on web3-react and its connectors, which are doing all the hard work internally.
FAQs
[](https://www.npmjs.com/package/use-wallet) [](https://bundlephobia.com/result?p=use-wallet)
We found that @cbrazn/use-wallet demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.