Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@metamask/utils
Advanced tools
Various JavaScript/TypeScript utilities of wide relevance to the MetaMask codebase.
@metamask/utils is a utility library provided by MetaMask that offers a variety of helper functions and utilities to facilitate Ethereum and blockchain development. It includes functions for handling Ethereum addresses, hex strings, and other common tasks in the Ethereum ecosystem.
Hex String Utilities
This feature provides utilities for working with hex strings, such as checking if a string is a valid hex string and converting hex strings to UTF-8.
const { isHexString, hexToUtf8 } = require('@metamask/utils');
const hex = '0x68656c6c6f';
console.log(isHexString(hex)); // true
console.log(hexToUtf8(hex)); // 'hello'
Ethereum Address Utilities
This feature includes functions for validating Ethereum addresses and converting them to checksum addresses.
const { isValidAddress, toChecksumAddress } = require('@metamask/utils');
const address = '0x742d35Cc6634C0532925a3b844Bc454e4438f44e';
console.log(isValidAddress(address)); // true
console.log(toChecksumAddress(address)); // '0x742d35Cc6634C0532925a3b844Bc454e4438f44e'
Type Conversion Utilities
This feature provides utilities for converting between different types, such as numbers and hex strings.
const { numberToHex, hexToNumber } = require('@metamask/utils');
const number = 12345;
const hex = numberToHex(number);
console.log(hex); // '0x3039'
console.log(hexToNumber(hex)); // 12345
web3-utils is a utility library that is part of the web3.js library. It provides a wide range of utility functions for Ethereum development, including functions for working with hex strings, Ethereum addresses, and more. Compared to @metamask/utils, web3-utils offers a broader set of utilities and is more widely used in the Ethereum development community.
ethers is a comprehensive library for interacting with the Ethereum blockchain. It includes a variety of utility functions similar to those in @metamask/utils, such as functions for handling hex strings and Ethereum addresses. Additionally, ethers provides a full-featured API for interacting with smart contracts, making it a more complete solution for Ethereum development.
eth-utils is a utility library that provides a collection of utility functions for Ethereum development. It includes functions for working with hex strings, Ethereum addresses, and other common tasks. While it offers similar functionalities to @metamask/utils, it is less focused on MetaMask-specific use cases and provides a more general set of utilities for Ethereum development.
Various JavaScript/TypeScript utilities of wide relevance to the MetaMask codebase.
yarn add @metamask/utils
or
npm install @metamask/utils
The full API documentation for the latest published version of this library is available here.
nvm use
will automatically choose the right node version for you.yarn setup
to install dependencies and run any required post-install scripts
yarn
/ yarn install
command directly. Use yarn setup
instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.Run yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The API documentation can be generated with the command yarn docs
, which saves it in the ./docs
directory. Open the ./docs/index.html
file to browse the documentation.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
Choose a release version.
If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x
for a v1
backport release).
v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.Trigger the workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.
action-create-release-pr
workflow to create the release PR.Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.Review and QA the release.
Squash & Merge the release.
action-publish-release
workflow to tag the final release commit and publish the release on GitHub.Publish the release on npm.
npm publish --dry-run
to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using https://unpkg.com/browse/[package name]@[package version]/
).npm publish
.FAQs
Various JavaScript/TypeScript utilities of wide relevance to the MetaMask codebase
The npm package @metamask/utils receives a total of 421,735 weekly downloads. As such, @metamask/utils popularity was classified as popular.
We found that @metamask/utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.