
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@fireblocks/fireblocks-json-rpc
Advanced tools
[](https://badge.fury.io/js/@fireblocks%2Ffireblocks-json-rpc)
Warning
This package is in a beta stage and should be used at your own risk.
The provided interfaces might go through backwards-incompatibale changes.
For a more stable library (with a different paradigm) you can use Fireblocks Web3 Provider
fireblocks-json-rpc is a command-line JSON-RPC server powered by the Fireblocks API.
Its goal is to make it easy for Fireblocks users to interact with EVM chains.
Additional SDKs:
npm install -g @fireblocks/fireblocks-json-rpc
$ fireblocks-json-rpc --help
_____ _ _ _ _ _ ____ ___ _ _ ____ ____ ____
| ___(_)_ __ ___| |__ | | ___ ___| | _____ | / ___| / _ \| \ | | | _ \| _ \ / ___|
| |_ | | '__/ _ \ '_ \| |/ _ \ / __| |/ / __| _ | \___ \| | | | \| |_____| |_) | |_) | |
| _| | | | | __/ |_) | | (_) | (__| <\__ \ | |_| |___) | |_| | |\ |_____| _ <| __/| |___
|_| |_|_| \___|_.__/|_|\___/ \___|_|\_\___/ \___/|____/ \___/|_| \_| |_| \_\_| \____|
Usage: fireblocks-json-rpc [options] [-- tool [argument ...]]
A CLI for running a local Ethereum JSON-RPC server powered by Fireblocks
Options:
--apiKey <key> Fireblocks API key (env: FIREBLOCKS_API_KEY)
--privateKey <path_or_contents> Fireblocks API private key (env: FIREBLOCKS_API_PRIVATE_KEY_PATH)
--chainId [chainId] Either chainId or rpcUrl must be provided (env: FIREBLOCKS_CHAIN_ID)
--rpcUrl [rpcUrl] Either rpcUrl or chainId must be provided (env: FIREBLOCKS_RPC_URL)
--http Run an HTTP server instead of using IPC (env: FIREBLOCKS_HTTP)
--port [port] HTTP server port (default: 8545, env: FIREBLOCKS_PORT)
--host [host] HTTP server host (default: "127.0.0.1", env: FIREBLOCKS_HOST)
--suppressHostWarning Supress the warning printed when setting --host not to localhost (env: FIREBLOCKS_HOST)
--httpPath [path] HTTP JSON-RPC endpoint path (env: FIREBLOCKS_HTTP_PATH)
--ipcPath [path] IPC path to listen on, defaults to '~/.fireblocks/json-rpc.ipc' on linux and macos, and '\\.\pipe\fireblocks-json-rpc.ipc'
on windows (default: "/Users/user/.fireblocks/json-rpc.ipc", env: FIREBLOCKS_IPC_PATH)
--env [env_var_name] Sets the listening address as an environment variable (default: "FIREBLOCKS_JSON_RPC_ADDRESS", env:
FIREBLOCKS_JSON_RPC_ENV_VAR)
--vaultAccountIds [vaultAccountIds] Fireblocks Web3 Provider option (env: FIREBLOCKS_VAULT_ACCOUNT_IDS)
--apiBaseUrl [apiBaseUrl] Fireblocks Web3 Provider option (env: FIREBLOCKS_API_BASE_URL)
--fallbackFeeLevel [fallbackFeeLevel] Fireblocks Web3 Provider option (env: FIREBLOCKS_FALLBACK_FEE_LEVEL)
--note [note] Fireblocks Web3 Provider option (default: "Created by Fireblocks JSON-RPC", env: FIREBLOCKS_NOTE)
--pollingInterval [pollingInterval] Fireblocks Web3 Provider option (env: FIREBLOCKS_POLLING_INTERVAL)
--oneTimeAddressesEnabled [oneTimeAddressesEnabled] Fireblocks Web3 Provider option (env: FIREBLOCKS_ONE_TIME_ADDRESSES_ENABLED)
--externalTxId [externalTxId] Fireblocks Web3 Provider option (env: FIREBLOCKS_EXTERNAL_TX_ID)
--userAgent [userAgent] Fireblocks Web3 Provider option (env: FIREBLOCKS_USER_AGENT)
--logTransactionStatusChanges [logTransactionStatusChanges] Fireblocks Web3 Provider option (env: FIREBLOCKS_LOG_TX_STATUS_CHANGES)
-q, --quiet Don't print anything (env: FIREBLOCKS_QUIET)
-v, --verbose Print a lot of stuff, useful for debugging, same as setting DEBUG=fireblocks-json-rpc (env: FIREBLOCKS_VERBOSE)
-r, --raw Only output the listening address (env: FIREBLOCKS_VERBOSE)
--version Output the version number
-h, --help display help for command
Learn more about the Fireblocks Web3 Provider configuration options at
https://github.com/fireblocks/fireblocks-web3-provider#fireblocksproviderconfig
Example usage:
Basic usage:
$ fireblocks-json-rpc --apiKey <key> --privateKey <path_or_contents> --chainId <chainId>
$ fireblocks-json-rpc --apiKey <key> --privateKey <path_or_contents> --rpcUrl <rpcUrl>
Using environment variables (.env file also works):
$ FIREBLOCKS_API_KEY=<key> FIREBLOCKS_API_PRIVATE_KEY_PATH=<path_or_contents> FIREBLOCKS_CHAIN_ID=<chainId> fireblocks-json-rpc
Run another tool using "--":
$ fireblocks-json-rpc --http -- cast estimate 0x5fe5a74b7628c43514DB077d5E112cf6593ed8D3 "increment()" --rpc-url {}
$ fireblocks-json-rpc --http -- forge script script/NFT.s.sol:MyScript --sender "0x827226cc80020b343a8c03e44A974CEbF0336e74" --broadcast --unlocked --rpc-url {}
Print requests and responses using --verbose:
$ fireblocks-json-rpc --verbose --http -- cast estimate 0x5fe5a74b7628c43514DB077d5E112cf6593ed8D3 "increment()" --rpc-url {}
Using a sandbox workspace with --apiBaseUrl:
$ fireblocks-json-rpc --apiBaseUrl https://sandbox-api.fireblocks.io --apiKey <key> --privateKey <path_or_contents> --chainId <chainId>
npm install
npm run build
npm install -g .
FAQs
[](https://badge.fury.io/js/@fireblocks%2Ffireblocks-json-rpc)
The npm package @fireblocks/fireblocks-json-rpc receives a total of 4 weekly downloads. As such, @fireblocks/fireblocks-json-rpc popularity was classified as not popular.
We found that @fireblocks/fireblocks-json-rpc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.