Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@hirosystems/clarinet-sdk
Advanced tools
The Clarinet SDK can be used to interact with the simnet from Node.js.
Find the API references of the SDK in our documentation.
Learn more about unit testing Clarity smart contracts in this guide.
You can use this SDK to:
npm install @hirosystems/clarinet-sdk
import { initSimnet } from "@hirosystems/clarinet-sdk";
import { Cl } from "@stacks/transactions";
async function main() {
const simnet = await initSimnet();
const accounts = simnet.getAccounts();
const address1 = accounts.get("wallet_1");
if (!address1) throw new Error("invalid wallet name.");
const call = simnet.callPublicFn("counter", "add", [Cl.uint(1)], address1);
console.log(call.result); // Cl.int(Cl.ok(true))
const counter = simnet.getDataVar("counter", "counter");
console.log(counter); // Cl.int(2)
}
main();
By default, the SDK will look for a Clarinet.toml file in the current working directory. It's also possible to provide the path to the manifest like so:
const simnet = await initSimnet("./path/to/Clarinet.toml");
The SDK can be used to write unit tests for Clarinet projects.
You'll need to have Node.js (>= 18) and NPM setup. If you are not sure how to set it up, Volta is a nice tool to get started.
In the terminal, run node --version
to make sure it's available and up to date.
Note: A bit of boilerplate is needed to setup the testing environment. Soon it will be handled by the clarinet-cli.
Open your terminal and go to a new or existing Clarinet project:
cd my-project
ls # you should see a Clarinet.toml file in the list
Run the following command to setup the testing framework:
npx @hirosystems/clarinet-sdk
Visit the clarity starter project to see the testing framework in action.
We recommend to use TypeScript to write the unit tests, but it's also possible to do it with JavaScript. To do so, rename your test files to .test.js
instead of .test.ts
. You can also delete the tsconfig.json
and uninstall typescript with npm uninstall typescript
.
Note: If you want to write your test in JavaScript but still have a certain level of type safety and autocompletion, VSCode can help you with that. You can create a basic jsconfig.json
file:
{
"compilerOptions": {
"checkJs": true,
"strict": true
},
"include": ["node_modules/@hirosystems/clarinet-sdk/vitest-helpers/src", "unit-tests"]
}
The clarinet-sdk requires a few steps to be built and tested locally. We'll look into simplifying this workflow in a future version.
Clone the clarinet repo and cd
into it:
git clone git@github.com:hirosystems/clarinet.git
cd clarinet
Open the SDK workspace in VSCode, it's especially useful to get rust-analyzer to consider the right files with the right cargo features.
code components/clarinet-sdk/clarinet-sdk.code-workspace
The SDK mainly relies on two components:
components/clarinet-sdk-wasm
components/clarinet-sdk
To work with these two packages locally, the first one needs to be built with wasm-pack and linked with: npm link.
Install wasm-pack and run:
cd components/clarinet-sdk-wasm
wasm-pack build --release --target=nodejs --scope hirosystems
cd pkg
npm link
Go to the clarinet-sdk
directory and link the package that was just built.
It will tell npm to use it instead of the published version. You don't need to
repeat the steps everytime the clarinet-sdk-wasm
changes, it only needs to be
rebuilt with wasm-pack and npm will use it.
Built the TS project:
cd ../../clarinet-sdk
npm link @hirosystems/clarinet-sdk-wasm
You can now run npm test
, it wil be using the local version of clarinet-sdk-wasm
2.4.0 (2024-03-25)
FAQs
A SDK to interact with Clarity Smart Contracts in node.js
The npm package @hirosystems/clarinet-sdk receives a total of 364 weekly downloads. As such, @hirosystems/clarinet-sdk popularity was classified as not popular.
We found that @hirosystems/clarinet-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.