Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@energyweb/exchange-core
Advanced tools
Exchange Core
Description
The Exchange Core package provides the Matching Engine class, which contains the Exchange's matching engine's order book functionality.
It is a component of Energy Web Origin's Trade SDK.
Documentation
Contributing Guidelines
See contributing.md
Energy Web Decentralized Operating System
EW-Origin is a component of the Energy Web Decentralized Operating System (EW-DOS).
The purpose of EW-DOS is to develop and deploy an open and decentralized digital operating system for the energy sector in support of a low-carbon, customer-centric energy future.
We develop blockchain technology, full-stack applications and middleware packages that facilitate participation of Distributed Energy Resources on the grid and create open market places for transparent and efficient renewable energy trading.
- To learn about more about the EW-DOS tech stack, see our documentation
For a deep-dive into the motivation and methodology behind our technical solutions, read our White Papers:
Connect with Energy Web
License
This project is licensed under the MIT License - see the LICENSE file for details
FAQs
Generic EACs order book product and matching
The npm package @energyweb/exchange-core receives a total of 28 weekly downloads. As such, @energyweb/exchange-core popularity was classified as not popular.
We found that @energyweb/exchange-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 16 Mar 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025