Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@metamask/rpc-errors
Advanced tools
Readme
@metamask/rpc-errors
JSON-RPC errors, including for Ethereum JSON RPC and Ethereum Provider, and making unknown errors compliant with either spec.
yarn add @metamask/rpc-errors
or
npm install @metamask/rpc-errors
import { rpcErrors, providerErrors } from '@metamask/rpc-errors';
throw rpcErrors.invalidRequest();
// or
throw providerErrors.unauthorized('my custom message');
CloseEvent
errors or status codes.import { rpcErrors, providerErrors } from '@metamask/rpc-errors';
// JSON-RPC errors and Ethereum EIP-1474 errors are namespaced under "rpcErrors"
response.error = rpcErrors.methodNotFound({
message: optionalCustomMessage,
data: optionalData,
});
// Ethereum EIP-1193 Provider errors namespaced under "providerErrors"
response.error = providerErrors.unauthorized({
message: optionalCustomMessage,
data: optionalData,
});
// each error getter takes a single "opts" argument
// for most errors, this can be replaced with a single string, which becomes
// the error message
response.error = providerErrors.unauthorized(customMessage);
// if an error getter accepts a single string, all arguments can be omitted
response.error = providerErrors.unauthorized();
response.error = providerErrors.unauthorized({});
// omitting the message will produce an error with a default message per
// the relevant spec
// omitting the data argument will produce an error without a
// "data" property
// the JSON RPC 2.0 server error requires a valid code
response.error = rpcErrors.server({
code: -32031,
});
// custom Ethereum Provider errors require a valid code and message
// valid codes are integers i such that: 1000 <= i <= 4999
response.error = providerErrors.custom({
code: 1001,
message: 'foo',
});
// this is useful for ensuring your errors are standardized
import { serializeError } from '@metamask/rpc-errors'
// if the argument is not a valid error per any supported spec,
// it will be added as error.data.originalError
response.error = serializeError(maybeAnError)
// you can add a custom fallback error code and message if desired
const fallbackError = { code: 4999, message: 'My custom error.' }
response.error = serializeError(maybeAnError, fallbackError)
// Note: if the original error has a "message" property, it will take
// precedence over the fallback error's message
// the default fallback is:
{
code: -32603,
message: 'Internal JSON-RPC error.'
}
/**
* Classes
*/
import { JsonRpcError, EthereumProviderError } from '@metamask/rpc-errors';
/**
* getMessageFromCode and errorCodes
*/
import { getMessageFromCode, errorCodes } from '@metamask/rpc-errors';
// get the default message string for the given code, or a fallback message if
// no message exists for the given code
const message1 = getMessageFromCode(someCode);
// you can specify your own fallback message
const message2 = getMessageFromCode(someCode, myFallback);
// it can be anything, use at your own peril
const message3 = getMessageFromCode(someCode, null);
// {
// rpcErrors: { [errorName]: code, ... },
// providerErrors: { [errorName]: code, ... },
// }
const code1 = rpcErrors.parse;
const code2 = providerErrors.userRejectedRequest;
// all codes in errorCodes have default messages
const message4 = getMessageFromCode(code1);
const message5 = getMessageFromCode(code2);
nvm use
will automatically choose the right node version for you.yarn install
to install dependencies and run any required post-install scriptsRun yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
1.x
for a v1
backport release).v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.action-create-release-pr
workflow to create the release PR.yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.action-publish-release
workflow to tag the final release commit and publish the release on GitHub.publish-release
GitHub Action workflow to finish. This should trigger a second job (publish-npm
), which will wait for a run approval by the npm publishers
team.publish-npm
job (or ask somebody on the npm publishers team to approve it for you).publish-npm
job has finished, check npm to verify that it has been published.FAQs
Ethereum RPC and Provider errors
We found that @metamask/rpc-errors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.