Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@fireblocks/fireblocks-web3-provider
Advanced tools
EIP-1193 Compatible Ethereum provider for Fireblocks
Fireblocks EIP-1193 Compatible Ethereum JavaScript Provider
npm install @fireblocks/fireblocks-web3-provider
import { FireblocksWeb3Provider, ChainId, ApiBaseUrl } from "@fireblocks/fireblocks-web3-provider";
const eip1193Provider = new FireblocksWeb3Provider({
// apiBaseUrl: ApiBaseUrl.Sandbox // If using a sandbox workspace
privateKey: process.env.FIREBLOCKS_API_PRIVATE_KEY_PATH,
apiKey: process.env.FIREBLOCKS_API_KEY,
vaultAccountIds: process.env.FIREBLOCKS_VAULT_ACCOUNT_IDS,
chainId: ChainId.GOERLI,
logTransactionStatusChanges: true, // Verbose logging
})
npm install ethers
import * as ethers from "ethers"
const provider = new ethers.BrowserProvider(eip1193Provider);
// Or like this if you're using ethers v5:
// const provider = new ethers.providers.Web3Provider(eip1193Provider);
npm install web3
import Web3 from "web3";
const web3 = new Web3(eip1193Provider);
config
FireblocksProviderConfigThis class is an EIP-1193 Compatible Ethereum JavaScript Provider powered by the Fireblocks API
type FireblocksProviderConfig = {
// ------------- Mandatory fields -------------
/**
* Learn more about creating API users here:
* https://developers.fireblocks.com/docs/quickstart#api-user-creation
*/
/**
* Fireblocks API key
*/
apiKey: string,
/**
* Fireblocks API private key for signing requests
*/
privateKey: string,
// Either chainId or rpcUrl must be provided
/**
* If not provided, it is inferred from the rpcUrl
*/
chainId?: ChainId,
/**
* If not provided, it is inferred from the chainId
*/
rpcUrl?: string,
// ------------- Optional fields --------------
/**
* By default, the first 20 vault accounts are dynamically loaded from the Fireblocks API
* It is recommended to provide the vault account ids explicitly because it helps avoid unnecessary API calls
*/
vaultAccountIds?: number | number[] | string | string[],
/**
* By default, it uses the Fireblocks API production endpoint
* When using a sandbox workspace, you should provide the ApiBaseUrl.Sandbox value
*/
apiBaseUrl?: ApiBaseUrl | string,
/**
* By default, the fallback fee level is set to FeeLevel.MEDIUM
*/
fallbackFeeLevel?: FeeLevel,
/**
* By default, the note is set to "Created by Fireblocks Web3 Provider"
*/
note?: string,
/**
* By default, the polling interval is set to 1000ms (1 second)
* It is the interval in which the Fireblocks API is queried to check the status of transactions
*/
pollingInterval?: number,
/**
* By default, it is assumed that one time addresses are enabled in your workspace
* If they're not, set this to false
*/
oneTimeAddressesEnabled?: boolean,
/**
* By default, no externalTxId is associated with transactions
* If you want to set one, you can either provide a function that returns a string, or provide a string directly
*/
externalTxId?: (() => string) | string,
/**
* If you want to prepend an additional product string to the User-Agent header, you can provide it here
*/
userAgent?: string,
/**
* If you are using a private/custom EVM chain, you can provide its Fireblocks assetId here
*/
assetId?: string,
/**
* Default: false
* By setting to true, every transaction status change will be logged to the console
* Same as setting env var `DEBUG=fireblocks-web3-provider:status`
*/
logTransactionStatusChanges?: boolean,
/**
* Default: false
* By setting to true, every request and response processed by the provider will be logged to the console
* Same as setting env var `DEBUG=fireblocks-web3-provider:req_res`
*/
logRequestsAndResponses?: boolean,
/**
* Default: true
* By setting to true, every failed transaction will print additional information
* helpful for debugging, such as a link to simulate the transaction on Tenderly
* Same as setting env var `DEBUG=fireblocks-web3-provider:error`
*/
enhancedErrorHandling?: boolean,
/**
* Proxy path in the format of `http(s)://user:pass@server`
*/
proxyPath?: string
}
FAQs
EIP-1193 Compatible Ethereum provider for Fireblocks
We found that @fireblocks/fireblocks-web3-provider demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.