
Security News
/Research
Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
@ismeth/pondercore
Advanced tools
Ponder is an open-source framework for blockchain application backends.
Visit ponder.sh for documentation, guides, and the API reference.
Join Ponder's telegram chat for support, feedback, and general chatter.
✅ Local development server with hot reloading
✅ create-ponder CLI tool to get started from an Etherscan link or Graph Protocol subgraph
✅ End-to-end type safety using viem and ABIType
✅ Autogenerated GraphQL API
✅ Easy to deploy anywhere using Node.js/Docker
✅ Supports all Ethereum-based blockchains, including test nodes like Anvil
✅ Index events from multiple chains in the same app
✅ Reconciles chain reorganization
✅ Factory contracts
✅ Process transactions calls (in addition to logs)
🏗️ Run effects (e.g. send an API request) in indexing code
create-ponderYou will be asked for a project name, and if you are using a template (recommended). Then, the CLI will create a project directory, install dependencies, and initialize a git repository.
npm init ponder@latest
# or
pnpm create ponder
# or
yarn create ponder
Just like Next.js and Vite, Ponder has a development server that automatically reloads when you save changes in any project file. It also prints console.log statements and errors encountered while running your code. First, cd into your project directory, then start the server.
npm run dev
# or
pnpm dev
# or
yarn dev
Ponder fetches event logs for the contracts added to ponder.config.ts, and passes those events to the indexing functions you write.
// ponder.config.ts
import { createConfig } from "@ponder/core";
import { http } from "viem";
import { BaseRegistrarAbi } from "./abis/BaseRegistrar";
export default createConfig({
networks: {
mainnet: {
chainId: 1,
transport: http("https://eth-mainnet.g.alchemy.com/v2/...")
},
},
contracts: {
BaseRegistrar: {
abi: BaseRegistrarAbi,
network: "mainnet",
address: "0x57f1887a8BF19b14fC0dF6Fd9B2acc9Af147eA85",
startBlock: 9380410,
},
},
});
The ponder.schema.ts file contains the database schema, and defines the shape data that the GraphQL API serves.
// ponder.schema.ts
import { onchainTable } from "@ponder/core";
export const ensName = onchainTable("ens_name", (t) => ({
name: p.text().primaryKey(),
owner: p.text().notNull(),
registeredAt: p.integer().notNull(),
}));
Files in the src/ directory contain indexing functions, which are TypeScript functions that process a contract event. The purpose of these functions is to insert data into the entity store.
// src/BaseRegistrar.ts
import { ponder } from "@/generated";
import * as schema from "../ponder.schema";
ponder.on("BaseRegistrar:NameRegistered", async ({ event, context }) => {
const { name, owner } = event.params;
await context.db.insert(schema.ensName).values({
name: name,
owner: owner,
registeredAt: event.block.timestamp,
});
});
See the create & update records docs for a detailed guide on writing indexing functions.
Ponder automatically generates a frontend-ready GraphQL API based on your ponder.schema.ts file. The API serves data that you inserted in your indexing functions.
{
ensNames(limit: 2) {
items {
name
owner
registeredAt
}
}
}
{
"ensNames": {
"items": [
{
"name": "vitalik.eth",
"owner": "0x0904Dac3347eA47d208F3Fd67402D039a3b99859",
"registeredAt": 1580345271
},
{
"name": "joe.eth",
"owner": "0x6109DD117AA5486605FC85e040ab00163a75c662",
"registeredAt": 1580754710
}
]
}
}
That's it! Visit ponder.sh for documentation, guides for deploying to production, and the API reference.
If you're interested in contributing to Ponder, please read the contribution guide.
@ponder/core@ponder/utilscreate-pondereslint-config-ponderPonder is MIT-licensed open-source software.
FAQs
An open-source framework for crypto application backends
We found that @ismeth/pondercore demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.