Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@ethereansos/interfaces-core
Advanced tools
This package includes some core features used by the EtheranOS apps, like the plugin system and the integration with Ethereum.
This package includes some core features used by the EtheranOS apps, like the plugin system and the integration with Ethereum.
The plugin system is a set of React custom hooks and context providers to manage the plugins.
The whole source code is in the src/hooks/userPlugin.js
file.
The plugin system manages two kinds of data: plugins and placeholders.
Placeholders hold an ordered list of items grouped by name. For example, you can have a set of "menu" items, a set of "router" items, etc.
The exported objects are:
PluginsContextProvider
context provider for the plugin systemusePlugins
hook that returns the installed pluginsusePlaceholder
hook that returns the installed placeholdersLook at the file src/App.js
inside the app
package and at the file src/index.js
inside the sampe-plugin
package for an example of use of the plugin system.
Basically, in the app you need to provide a PluginsContextProvider with the plugin definition:
<PluginsContextProvider plugins={[samplePlugin]}>
The plugin definition is an object with an init
method that initializes the plugin with the required placeholders, for example:
const pluginDefinition = {
name: 'sample-plugin',
init: ({ addElement }) => {
addElement('menu', {
name: 'home',
label: 'Home',
link: '/',
index: 10,
})
addElement('menu', {
name: 'about',
label: 'About',
link: '/about',
index: 20,
})
},
}
The intergration with Ethereum is performed in the src/hooks/&useWeb3.js
file.
It provides:
Web3ContextProvider
which initialize web3 with the provided context.useWeb3
React custom hook which returns the following information:
connect
function to start connecting to EthereumonEthereumUpdate
function to listen to changeswebs3States
array holding the available states (NOT_CONNECTED
, CONNECTED
, CONNECTING
)The context provider can be initialized in the following way (look at src/App.js
of app
package):
<Web3ContextProvider context={context}>
where context
holds the configuration to initialize web3.
To use the hook, you can simply write:
const { connect, connectionStatus } = useWeb3()
Look at the source of the Connect
component inside the app
package for a usage example.
The global context provider allows to inject providers from the plugins available globally.
Eg.
<PluginsContextProvider plugins={[appPlugin, organizationPlugin]}>
<GlobalContextsProvider>
<HashRouter>
<AppRouter />
</HashRouter>
</GlobalContextsProvider>
</PluginsContextProvider>
allows to have a context structure like:
<PluginsContextProvider plugins={[appPlugin, organizationPlugin]}>
<InjectedProvider1>
<InjectedProvider2>
<HashRouter>
<AppRouter />
</HashRouter>
</InjectedProvider2>
</InjectedProvider1>
</PluginsContextProvider>
The providers can be added from the init
function usng the addElement
method with the globalContexts
keyword
Eg.
addElement('globalContexts', {
name: 'InjectedProvider1',
Component: InjectedProvider1,
index: 10,
})
addElement('globalContexts', {
name: 'InjectedProvider2',
Component: InjectedProvider2,
index: 20,
})
There is another hook in this package called usePrevious
. It simply returns the previously stored value.
It's used in the Connect
component inside the app
package to check if the connection state passed from CONNECTING
to CONNECTED
.
This package uses rollup to create the bundle.
To build the package, you can use the lerna
scripts in the root project (build
and build-dev
), as stated in the root project documentation.
If you prefer to build only this package, just run:
npm run build
to simply build the package, or
npm run build:dev
to build and keep watching for changes.
Interfaces-Framework
To use interfaces-core
for development (so using a checked-out version instead of the npm
dependencies) some steps must be followed.
Assuming that we have cloned Interfaces-Framework in the same folder where we cloned this repo, we need to:
npm install
npm link ../Interfaces-Framework/node_modules/react
npm build
npm link
The first npm link
links the react
used by Interfaces-Framework
to avoid this problem.
Then, in Interface-Framework
, for each packages/*:
npm link @ethereansos/interfaces-core
package-lock.js
npm install
in Interfaces-Framework
PS: Remember to execute just the linkings everytime you install a new dependency in either of the two projects.
### Development in watch mode
To start build the core at each file change, after having followed the above instructions, just run npm run build:dev
and if you've linked this package with the Interfaces-Framework package, you'll see live changes as soon as you edit the code.
Be sure that Interfaces-Framework
uses the new dependencies @ethereansos/core and not @dfohub/core
. If not, change the import.
FAQs
This package includes some core features used by the EtheranOS apps, like the plugin system and the integration with Ethereum.
We found that @ethereansos/interfaces-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.