Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@cowprotocol/cow-sdk
Advanced tools
Statements | Branches | Functions | Lines |
---|---|---|---|
Usage examples: VanillaJS, Create React App, NodeJS
yarn add @cowprotocol/cow-sdk
OrderBookApi
- provides the ability to retrieve orders and trades from the CoW Protocol order-book, as well as add and cancel themOrderSigningUtils
- serves to sign orders and cancel them using EIP-712SubgraphApi
- provides statistics data about CoW protocol from Subgraph, such as trading volume, trade count and othersimport { OrderBookApi, OrderSigningUtils, SubgraphApi } from '@cowprotocol/cow-sdk'
const chainId = 100 // Gnosis chain
const orderBookApi = new OrderBookApi({ chainId })
const subgraphApi = new SubgraphApi({ chainId })
const orderSigningUtils = new OrderSigningUtils()
For clarity, let's look at the use of the API with a practical example:
Exchanging 0.4 GNO
to WETH
on Goerli
network.
We will do the following operations:
You also can check this code in the CRA example
import { OrderBookApi, OrderSigningUtils, SupportedChainId } from '@cowprotocol/cow-sdk'
import { Web3Provider } from '@ethersproject/providers'
const account = 'YOUR_WALLET_ADDRESS'
const chainId = 5 // Goerli
const provider = new Web3Provider(window.ethereum)
const signer = provider.getSigner()
const quoteRequest = {
sellToken: '0xb4fbf271143f4fbf7b91a5ded31805e42b2208d6', // WETH goerli
buyToken: '0x02abbdbaaa7b1bb64b5c878f7ac17f8dda169532', // GNO goerli
from: account,
receiver: account,
sellAmountBeforeFee: (0.4 * 10 ** 18).toString(), // 0.4 WETH
kind: OrderQuoteSide.kind.SELL,
}
const orderBookApi = new OrderBookApi({ chainId: SupportedChainId.GOERLI })
async function main() {
const { quote } = await orderBookApi.getQuote(quoteRequest)
const orderSigningResult = await OrderSigningUtils.signOrder(quote, chainId, signer)
const orderId = await orderBookApi.sendOrder({ ...quote, ...orderSigningResult })
const order = await orderBookApi.getOrder(orderId)
const trades = await orderBookApi.getTrades({ orderId })
const orderCancellationSigningResult = await OrderSigningUtils.signOrderCancellations([orderId], chainId, signer)
const cancellationResult = await orderBookApi.sendSignedOrderCancellations({...orderCancellationSigningResult, orderUids: [orderId] })
console.log('Results: ', { orderId, order, trades, orderCancellationSigningResult, cancellationResult })
}
OrderBookApi
- is a main tool for working with CoW Protocol API.
Since the API supports different networks and environments, there are some options to configure it.
chainId
- can be one of SupportedChainId.MAINNET
, SupportedChainId.GNOSIS_CHAIN
, or SupportedChainId.GOERLI
env
- this parameter affects which environment will be used:
https://api.cow.fi
for prod
(default)https://barn.api.cow.fi
for staging
import { OrderBookApi } from '@cowprotocol/cow-sdk'
const orderBookApi = new OrderBookApi({
chainId: SupportedChainId.GOERLI,
env: 'staging' // <-----
})
In case you need to use custom endpoints (e.g. you use a proxy), you can do it this way:
import { OrderBookApi } from '@cowprotocol/cow-sdk'
const orderBookApi = new OrderBookApi({
chainId: SupportedChainId.GOERLI,
baseUrls: { // <-----
[SupportedChainId.MAINNET]: 'https://YOUR_ENDPOINT/mainnet',
[SupportedChainId.GNOSIS_CHAIN]: 'https://YOUR_ENDPOINT/xdai',
[SupportedChainId.GOERLI]: 'https://YOUR_ENDPOINT/goerli',
}
})
The CoW Protocol API has restrictions on the backend side to protect against DDOS and other issues.
The main restriction is request rate limit of: 5 requests per second for each IP address
The client's limiter settings can be configured as well:
import { OrderBookApi } from '@cowprotocol/cow-sdk'
import { BackoffOptions } from 'exponential-backoff'
import { RateLimiterOpts } from 'limiter'
const limiterOpts: RateLimiterOpts = {
tokensPerInterval: 5,
interval: 'second',
}
const backOffOpts: BackoffOptions = {
numOfAttempts: 5,
maxDelay: Infinity,
jitter: 'none',
}
const orderBookApi = new OrderBookApi(
{chainId: SupportedChainId.GOERLI, limiterOpts, backOffOpts},
)
The Subgraph is constantly indexing the protocol, making all the information more accessible. It provides information about trades, users, tokens and settlements. Additionally, it has some data aggregations which provides insights on the hourly/daily/totals USD volumes, trades, users, etc.
The SDK provides an easy way to access all this information.
You can query the CoW Subgraph either by running some common queries exposed by the CowSubgraphApi
or by building your own:
import { SubgraphApi, SupportedChainId } from '@cowprotocol/cow-sdk'
const cowSubgraphApi = new SubgraphApi({ chainId: SupportedChainId.MAINNET })
// Get CoW Protocol totals
const { tokens, orders, traders, settlements, volumeUsd, volumeEth, feesUsd, feesEth } =
await cowSubgraphApi.getTotals()
console.log({ tokens, orders, traders, settlements, volumeUsd, volumeEth, feesUsd, feesEth })
// Get last 24 hours volume in usd
const { hourlyTotals } = await cowSubgraphApi.getLastHoursVolume(24)
console.log(hourlyTotals)
// Get last week volume in usd
const { dailyTotals } = await cowSubgraphApi.getLastDaysVolume(7)
console.log(dailyTotals)
// Get the last 5 batches
const query = `
query LastBatches($n: Int!) {
settlements(orderBy: firstTradeTimestamp, orderDirection: desc, first: $n) {
txHash
firstTradeTimestamp
}
}
`
const variables = { n: 5 }
const response = await cowSubgraphApi.runQuery(query, variables)
console.log(response)
One way to make the most out of the SDK is to get familiar with its architecture.
See SDK Architecture
yarn
yarn build
# Build in watch mode
yarn start
yarn test
Some parts of the SDK are automatically generated. This is the case for the Order Book API and the Subgraph API
# Re-create automatically generated code
yarn codegen
FAQs
## 📚 [Docs website](https://docs.cow.fi/)
The npm package @cowprotocol/cow-sdk receives a total of 502 weekly downloads. As such, @cowprotocol/cow-sdk popularity was classified as not popular.
We found that @cowprotocol/cow-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.