Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@compound-finance/compound-js
Advanced tools
A JavaScript SDK for Ethereum and the Compound Protocol.
A JavaScript SDK for Ethereum and the Compound Protocol. Wraps around Ethers.js. Works in the web browser and Node.js.
This SDK is in open beta, and is constantly under development. USE AT YOUR OWN RISK.
JSON RPC based Ethereum read and write.
const Compound = require('@compound-finance/compound-js'); // in Node.js
const cUsdtAddress = Compound.util.getAddress(Compound.cUSDT);
(async function() {
let supplyRatePerBlock = await Compound.eth.read(
cUsdtAddress,
'function supplyRatePerBlock() returns (uint)',
[], // [optional] parameters
{} // [optional] call options, provider, network, ethers.js "overrides"
);
console.log('USDT supplyRatePerBlock:', supplyRatePerBlock.toString());
})().catch(console.error);
const toAddress = '0xa0df350d2637096571F7A701CBc1C5fdE30dF76A';
(async function() {
const trx = await Compound.eth.trx(
toAddress,
'function send() external payable',
[],
{
value: Compound._ethers.utils.parseEther('1.0'), // 1 ETH
provider: window.ethereum, // in a web browser
}
);
const toAddressEthBalance = await Compound.eth.getBalance(toAddress);
})().catch(console.error);
Simple methods for using the Compound protocol.
const compound = new Compound(window.ethereum); // in a web browser
// Ethers.js overrides are an optional 3rd parameter for `supply`
// const trxOptions = { gasLimit: 250000, mantissa: false };
(async function() {
console.log('Supplying ETH to the Compound protocol...');
const trx = await compound.supply(Compound.ETH, 1);
console.log('Ethers.js transaction object', trx);
})().catch(console.error);
Web Browser
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/@compound-finance/compound-js@latest/dist/browser/compound.min.js"></script>
<script type="text/javascript">
window.Compound; // or `Compound`
</script>
Node.js
npm install ethers @compound-finance/compound-js
const Compound = require('@compound-finance/compound-js');
// or, when using ES6
import Compound from '@compound-finance/compound-js';
See the docblock comments above each function definition or the official Compound.js Documentation.
The following are valid Ethereum providers for initialization of the SDK (v2 and Comet instance).
var compound = new Compound(window.ethereum); // web browser
var compound = new Compound('http://127.0.0.1:8545'); // HTTP provider
var compound = new Compound(); // Uses Ethers.js fallback mainnet (for testing only)
var compound = new Compound('goerli'); // Uses Ethers.js fallback (for testing only)
// Init with private key (server side)
var compound = new Compound('https://mainnet.infura.io/v3/_your_project_id_', {
privateKey: '0x_your_private_key_', // preferably with environment variable
});
// Init with HD mnemonic (server side)
var compound = new Compound('mainnet' {
mnemonic: 'clutch captain shoe...', // preferably with environment variable
});
Compound III (Comet) object initialization. The constructor accepts the same parameters as the Compound
constructor. An error will be thrown initially and whenever a method is called if the provider does not match the network of the specific Comet deployment. The SDK constants as well as a method in the Comet documentation note the Comet deployments that Compound.js supports.
var compound = new Compound(window.ethereum);
var comet = compound.comet.MAINNET_USDC(); // provider from `compound` will be used unless on is explicitly passed
Names of contracts, their addresses, ABIs, token decimals, and more can be found in /src/constants.ts
. Addresses, for all networks, can be easily fetched using the getAddress
function, combined with contract name constants.
console.log(Compound.DAI, Compound.ETH, Compound.cETH);
// DAI, ETH, cETH
const cUsdtAddress = Compound.util.getAddress(Compound.cUSDT);
// Mainnet cUSDT address. Second parameter can be a network like 'goerli'.
Parameters of number values can be plain numbers or their scaled up mantissa values. There is a transaction option boolean to tell the SDK what the developer is passing.
// 1 Dai
await compound.borrow(Compound.DAI, '1000000000000000000', { mantissa: true });
// `mantissa` defaults to false if it is not specified or if an options object is not passed
await compound.borrow(Compound.DAI, 1, { mantissa: false });
Each method that interacts with the blockchain accepts a final optional parameter for overrides, much like Ethers.js overrides.
// The options object itself and all options are optional
const trxOptions = {
mantissa, // Boolean, parameters array arg of 1 ETH would be '1000000000000000000' (true) vs 1 (false)
abi, // Definition string or an ABI array from a solc build
provider, // JSON RPC string, Web3 object, or Ethers.js fallback network (string)
network, // Ethers.js fallback network provider, "provider" has precedence over "network"
from, // Address that the Ethereum transaction is send from
gasPrice, // Ethers.js override `Compound._ethers.utils.parseUnits('10.0', 'gwei')`
gasLimit, // Ethers.js override - see https://docs.ethers.io/ethers.js/v5-beta/api-contract.html#overrides
value, // Number or string
data, // Number or string
chainId, // Number
nonce, // Number
privateKey, // String, meant to be used with `Compound.eth.trx` (server side)
mnemonic, // String, meant to be used with `Compound.eth.trx` (server side)
};
Tests are available in ./test/*.test.js
. The tests are configured in ./test/index.js
. Methods are tested using a forked chain using ganache-core. A JSON RPC provider URL needs to be configured as an environment variable before running the tests (MAINNET_PROVIDER_URL
). Archive state must be available to run the tests. For free archive node access, get a provider URL from Alchemy.
## Run all tests
npm test
## Run a single test (Mocha JS grep option)
npm test -- -g 'runs eth.getBalance'
git clone git@github.com:compound-finance/compound-js.git
cd compound-js/
npm install
npm run build
<!-- Local build (do `npm install` first) -->
<script type="text/javascript" src="./dist/browser/compound.min.js"></script>
<!-- Public NPM -> jsdeliver build -->
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/@compound-finance/compound-js@latest/dist/browser/compound.min.js"></script>
// Local build (do `npm install` first)
const Compound = require('./dist/nodejs/index.js');
// Public NPM build
const Compound = require('@compound-finance/compound-js');
FAQs
A JavaScript SDK for Ethereum and the Compound Protocol.
The npm package @compound-finance/compound-js receives a total of 53 weekly downloads. As such, @compound-finance/compound-js popularity was classified as not popular.
We found that @compound-finance/compound-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.