Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@litentry/client-sdk
Advanced tools
@litentry/client-sdk
This package provides helpers for dApps to interact with the Heima Protocol.
@heima/client-sdk
This package provides helpers for dApps to interact with the Heima Protocol.
The Enclave is the Heima's Trusted Execution Environment (TEE), that provides the hightest security and privacy for users to store their identity.
This is a browser package, it may not work as-is on Node.js due to Crypto Subtle and WebSocket differences, but the exposed RPC logic is the same.
Installation
-
Install from NPM
npm install @litentry/parachain-api @litentry/sidechain-api @heima/client-sdk -
Set the right environment
Heima's Protocol is currently available in three main stages: local (development),
tee-dev(staging), andtee-prod(production).You can set what stage to use by setting the
HEIMA_NETWORKenvironment variable. Valid values are:heima-local: will point to a local enclavews://localhost:2100heima-dev(default): will point totee-dev's Enclave.heima-prod: will point totee-prod's Enclave.
NX_*prefixed env variables (NX projects) will work too.
Versions
This package is distributed under two main tags: next and latest.
Versions in the pattern of x.x.x-next.x feature the most recent code version to work with tee-dev. E.g., 1.0.0-next.0. Once stable and once the Heima Protocol is upgraded, the version will be tagged as latest and should be used against tee-prod. E.g., 1.0.0. You can find all versions on https://www.npmjs.com/package/@heima/client-sdk?activeTab=versions
Examples & API documentation
Please refer to the examples folder in this repository to learn more about all the available operations. The docs folder includes detailed API information about.
Development
Quick start
These are the steps for publishing the package locally for development purposes.
-
Install dependencies
pnpm install -
Spin up an local NPM registry
pnpm nx local-registry -
Publish locally
Follow the steps of Publish new versions. The step 1 can be skipped.
As long as the local registry is up, any publishing will happen locally.
-
Run test and lint checks
pnpm nx run client-sdk:lint pnpm nx run client-sdk:testBefore running the tests, make sure you have a local omni-executor running, see omni-executor README for more information.
Publish new versions
-
Bump the version on package.json to for instance
1.0.0. -
Update the latest documentation
pnpm nx run client-sdk:generate-doc -
Build the project
pnpm nx run client-sdk:build -
Publish the distribution files
pnpm nx run client-sdk:publish --ver 1.0.0 --tag latest
FAQs
This package provides helpers for dApps to interact with the Heima Protocol.
We found that @litentry/client-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 27 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026