Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@connext/cf-adjudicator-contracts
Advanced tools
Smart contracts for an State Channel AppInstance Adjudicator
Counterfactual is a general framework for building state channel applications. An overview of the principles and objectives of this framework can be found at the Counterfactual specifications repo.
Make sure you have Yarn v1.10.1 installed or higher. Refer to Yarn's installation guide for setup instructions for your operating system.
To install the dependencies:
yarn
To compile the Solidity source code into bytecode and ABI, run:
yarn build
To run all tests:
yarn test
To run only specific tests:
yarn test [test/<filename of specific test>.spec.ts ...]
The networks
folder contains the migration files for the different Ethereum networks the contracts have been migrated to. The ID of the respective networks are used as file names. The mapping of some of the major Ethereum network IDs to network names is:
Network ID | Network Name |
---|---|
1 | Main net |
3 | Ropsten testnet |
4 | Rinkeby testnet |
42 | Kovan testnet |
Not all of the networks will be used for the Counterfactual contracts, but you can find a more comprehensive list here. To run a migration against a target network:
truffle-config.js
cp .env.example .env
and make sure the right env vars are set in .env
require('ethers').Wallet.fromMnemonic('ETH_ACCOUNT_MNENOMIC')
yarn migrate --network <network name>
FAQs
Smart contracts for an State Channel AppInstance Adjudicator
The npm package @connext/cf-adjudicator-contracts receives a total of 0 weekly downloads. As such, @connext/cf-adjudicator-contracts popularity was classified as not popular.
We found that @connext/cf-adjudicator-contracts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.