
@chainlink/contracts-ccip
[!IMPORTANT] Since v1.6.0 of the CCIP contracts, the contracts have been moved to a new repository: chainlink-ccip. The EVM contracts exist in the chains/evm directory of the repository.
chainlink-ccip relies on chainlink-evm; below are the instructions to install both.
To find the correct version of chainlink-evm to use for any given version of chainlink-ccip, please refer to the package.json file in /chains/evm.
It contains an NPM dependency on @chainlink/contracts-evm with the correct version for the given version of chainlink-ccip.
NOTE: while other versions of chainlink-evm may work, we only test against the version specified in the package.json file.
Audits are also only done against the version specified in the package.json file.
No guarantees are made for other versions.
[!WARNING] When installing via git, the ref defaults to master when no tag is given.
When installing through git, it is recommended to use a specific version tag to avoid breaking changes.
The corresponding git tag will be contracts-ccip-v<version> for chainlink-ccip, and contracts-v<version> for chainlink-evm.
$ forge install smartcontractkit/chainlink-evm@contracts-v<version>
$ forge install smartcontractkit/chainlink-ccip@contracts-ccip-v<version>
Add the following remappings
@chainlink/contracts/=lib/smartcontractkit/chainlink-evm/contracts/
@chainlink/contracts-ccip/contracts/=lib/smartcontractkit/chainlink-ccip/chains/evm/contracts/
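A CI-style lint for the pinning rules above, as an added example that is not code from the chainlink-ccip repository. It assumes the @chainlink/contracts-evm dependency sits under "dependencies" in chains/evm/package.json as an exact version; the sample versions are constructed placeholders.

```javascript
// Added example: lint `forge install` lines against the tag-pinning rules above.
const TAG_PREFIX = {
  'smartcontractkit/chainlink-evm': 'contracts-v',
  'smartcontractkit/chainlink-ccip': 'contracts-ccip-v',
};
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Read the tested/audited version pair from chains/evm/package.json.
// Assumption: the dependency is listed under "dependencies" as an exact version.
function expectedVersions(pkg) {
  const evm = (pkg.dependencies || {})['@chainlink/contracts-evm'];
  if (!EXACT.test(pkg.version || '') || !EXACT.test(evm || '')) {
    throw new Error('package.json does not pin exact versions');
  }
  return { 'smartcontractkit/chainlink-ccip': pkg.version, 'smartcontractkit/chainlink-evm': evm };
}

function auditForgeInstalls(scriptText, expected) {
  const findings = [];
  for (const line of scriptText.split('\n')) {
    const m = line.match(/^\s*\$?\s*forge\s+install\s+(.+)$/);
    if (!m) continue; // comments and unrelated commands are ignored
    for (const arg of m[1].trim().split(/\s+/)) {
      const [repo, ref] = arg.split('@');
      const prefix = TAG_PREFIX[repo];
      if (!prefix) continue; // flags and other dependencies are out of scope
      const version = ref && ref.startsWith(prefix) ? ref.slice(prefix.length) : null;
      if (!ref) {
        findings.push(`${repo}: no ref given, resolves to master`);
      } else if (!version || !EXACT.test(version)) {
        findings.push(`${repo}: "${ref}" is not a ${prefix}<version> tag`);
      } else if (version !== expected[repo]) {
        findings.push(`${repo}: pinned ${version}, tested version is ${expected[repo]}`);
      }
    }
  }
  return findings;
}

// Constructed sample input (versions are placeholders, not real release data).
const SAMPLE_PKG = { version: '1.6.0', dependencies: { '@chainlink/contracts-evm': '1.4.0' } };
const SAMPLE_SCRIPT = [
  'forge install smartcontractkit/chainlink-evm@contracts-v1.3.0',
  'forge install smartcontractkit/chainlink-ccip',
  'forge install smartcontractkit/chainlink-ccip@contracts-ccip-v1.6.0',
].join('\n');

console.log(auditForgeInstalls(SAMPLE_SCRIPT, expectedVersions(SAMPLE_PKG)));
```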
# pnpm
$ pnpm add @chainlink/contracts
$ pnpm add @chainlink/contracts-ccip
# npm
$ npm install @chainlink/contracts --save
$ npm install @chainlink/contracts-ccip --save
Add the following remappings
@chainlink/contracts/=node_modules/@chainlink/contracts/
@chainlink/contracts-ccip/contracts/=node_modules/@chainlink/contracts-ccip/contracts/
@chainlink/contracts-ccip
├── contracts # Solidity contracts
├── scripts # Compilation script
└── abi # ABI json output
[!WARNING] Contracts in dev/ directories or with a typeAndVersion ending in -dev are under active development and are likely unaudited. Please refrain from using these in production applications.
The contracts can be imported via @chainlink/contracts-ccip/contracts:
import {CCIPReceiver} from '@chainlink/contracts-ccip/contracts/applications/CCIPReceiver.sol';
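One way to enforce the warning about dev/ directories and -dev versions before a production build, as an added example that is not part of the package. The packageFiles map stands in for files read from the installed package, and the ExamplePool and ExampleRamp paths are hypothetical.

```javascript
// Added example: flag imports of unaudited CCIP contracts in project sources.
const CCIP_PREFIX = '@chainlink/contracts-ccip/contracts/';
// Handles `import {A} from "p";`, `import "p";` and `import "p" as P;`
const IMPORT_RE = /\bimport\s+(?:[^'";]*?\bfrom\s+)?["']([^"']+)["']\s*(?:as\s+\w+\s*)?;/g;
// A typeAndVersion declaration whose string value ends in -dev
const DEV_TYPE_RE = /typeAndVersion\b[^;]*?["']([^"']*-dev)["']/;

// Drop comments so commented-out imports are not reported.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, '').replace(/\/\/[^\n]*/g, '');
}

// sources: { projectFile: soliditySource }
// packageFiles: { importPath: soliditySource } read from the installed package
function findUnauditedImports(sources, packageFiles) {
  const findings = [];
  for (const [file, src] of Object.entries(sources)) {
    for (const m of stripComments(src).matchAll(IMPORT_RE)) {
      const path = m[1];
      if (!path.startsWith(CCIP_PREFIX)) continue;
      if (path.split('/').includes('dev')) {
        findings.push({ file, path, reason: 'dev/ directory' });
        continue;
      }
      const dev = stripComments(packageFiles[path] || '').match(DEV_TYPE_RE);
      if (dev) findings.push({ file, path, reason: `typeAndVersion "${dev[1]}"` });
    }
  }
  return findings;
}

// Constructed sample input. Only the CCIPReceiver path appears in the README;
// ExamplePool and ExampleRamp are hypothetical.
const SAMPLE_SOURCES = {
  'src/App.sol': [
    "import {CCIPReceiver} from '@chainlink/contracts-ccip/contracts/applications/CCIPReceiver.sol';",
    '// import "@chainlink/contracts-ccip/contracts/dev/Old.sol";',
    'import "@chainlink/contracts-ccip/contracts/pools/dev/ExamplePool.sol";',
    'import {ExampleRamp} from "@chainlink/contracts-ccip/contracts/onRamp/ExampleRamp.sol";',
  ].join('\n'),
};
const SAMPLE_PACKAGE = {
  '@chainlink/contracts-ccip/contracts/applications/CCIPReceiver.sol':
    'abstract contract CCIPReceiver {}',
  '@chainlink/contracts-ccip/contracts/onRamp/ExampleRamp.sol':
    'contract ExampleRamp { string public constant typeAndVersion = "ExampleRamp 1.7.0-dev"; }',
};

console.log(findUnauditedImports(SAMPLE_SOURCES, SAMPLE_PACKAGE));
```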
To get started with CCIP, please refer to the CCIP documentation.
The MockRouter contract is a good starting point when developing dapps that use CCIP.
It is a simplified same-chain entry and exit point for CCIP messages.
It lives in contracts/test/mocks/MockRouter.sol.
This repository uses Solidity remappings to resolve imports, which are defined in the remappings.txt file.
Please see the Installation section above for the correct remappings based on your installation method.
If required, you can remap dependencies used within CCIP contracts, e.g. OpenZeppelin contracts, by adding the following to your remappings.txt file:
@chainlink/contracts/src/v0.8/vendor/openzeppelin-solidity/v4.8.3/contracts/=node_modules/@openzeppelin/contracts/
@chainlink/contracts/src/v0.8/vendor/openzeppelin-solidity/v5.0.2/contracts/=node_modules/@openzeppelin/contracts/
This allows you to use a wide range of versions of OpenZeppelin in your project without conflicts.
We use changesets to manage versioning the contracts.
Every PR that modifies any configuration or code should most likely be accompanied by a changeset file.
To install changesets: install pnpm if it is not already installed (see the pnpm docs), then run pnpm install.
Either after or before you create a commit, run the pnpm changeset command in the chains/evm directory to create an accompanying changeset entry, which will be reflected in the CHANGELOG for the next release.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
The CCIP repo is licensed under the BUSL-1.1 license, however, there are a few exceptions
FAQs
Chainlink smart contracts for CCIP
The npm package @chainlink/contracts-ccip receives a total of 5,699 weekly downloads. As such, @chainlink/contracts-ccip popularity was classified as popular.
We found that @chainlink/contracts-ccip demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.