Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@entropyxyz/sdk
Advanced tools
@entropyxyz/SDK
is a collection of TS packages that allow you to interact with the Entropy network. This is currently in alpha release.
yarn:
yarn add @entropyxyz/SDK
npm:
npm i @entropyxyz/SDK --save
NOTICE
endpoint
defaults to 'ws://127.0.0.1:9944' if no value is provided.
Remarks
The main interface for users wanting to interact with Entropy.
This class provides methods to register, check registration status,
and sign transactions. Users can await the ready
promise to ensure
that the class has been initialized before performing operations.
Example
const signer = await getWallet(charlieStashSeed);
const entropyAccount: EntropyAccount = {
sigRequestKey: signer,
programModKey: signer,
};
const entropy = new Entropy({ account: entropyAccount });
await entropy.ready;
await entropy.register({
programModAccount: '5Gw3s7q9...',
keyVisibility: 'Permissioned',
freeTx: false
});
• new default(opts
): default
Initializes an instance of the Entropy class.
Name | Type | Description |
---|---|---|
opts | EntropyOpts | The configuration options for the Entropy instance. |
• Optional
account: EntropyAccount
• isRegistered: (address
: Address
) => Promise
<boolean
>
▸ (address
): Promise
<boolean
>
Name | Type |
---|---|
address | Address |
Promise
<boolean
>
• programs: default
• ready: Promise
<boolean
>
A promise that resolves once chacha20poly1305 cryptoLib has been loaded
• registrationManager: default
• signingManager: default
• substrate: ApiPromise
▸ getVerifyingKey(address
): Promise
<string
>
Retrieves the verifying key associated with the given address's registration record.
Name | Type | Description |
---|---|---|
address | Address | The address for which the verifying key is needed. |
Promise
<string
>
▸ register(params
): Promise
<void
>
Registers an address with Entropy using the provided parameters.
Name | Type | Description |
---|---|---|
params | RegistrationParams & { account? : EntropyAccount } | The registration parameters. |
Promise
<void
>
A promise indicating the completion of the registration process.
Throws
Throws
▸ sign(params
): Promise
<Uint8Array
>
Signs a signature request hash. This method involves various steps including validator selection, transaction request formatting, and submission of these requests to validators for signing. It returns the signature from the first validator after validation.
Name | Type | Description |
---|---|---|
params | SigOps | The signature operation parameters. |
Promise
<Uint8Array
>
Throws
▸ signTransaction(params
): Promise
<unknown
>
Signs a given transaction based on the provided parameters.
The signTransaction
method invokes the appropriate adapter (chain based configuration)
based on the type specified in the params
. This modular approach ensures that various
transaction types can be supported. The method performs a series of operations, starting
with the preSign
function of the selected adapter, followed by the actual signing of the
transaction request hash, and if necessary, the postSign
function of the adapter.
Name | Type | Description |
---|---|---|
params | SigTxOps | The parameters for signing the transaction. |
Promise
<unknown
>
A promise that returns the transaction signature. Note that the structure and format of this signature may differ based on the adapter.
Throws
Throws
Will throw an error if the transaction type does not have a corresponding adapter.
[0.1.3] Bes - 2024-01-31 (entropy-core compatibility: 0.0.10)
@entropyxyz/entropy-js
is now @entropyxyz/sdk
entropy.programs.dev
is the new interface to deploying programsFAQs
JS SDK for entropy blockchain
The npm package @entropyxyz/sdk receives a total of 149 weekly downloads. As such, @entropyxyz/sdk popularity was classified as not popular.
We found that @entropyxyz/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.