Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@moonbeam-network/xcm-sdk
Advanced tools
The Moonbeam XCM SDK enables developers to easily deposit and withdraw assets to Moonbeam/Moonriver from the relay chain and other parachains in the Polkadot/Kusama ecosystem
The Moonbeam XCM SDK enables developers to easily transfer assets between chains, either between parachains or between a parachain and the relay chain, within the Polkadot/Kusama ecosystem. With the SDK, you don't need to worry about determining the multilocation of the origin or destination assets or which extrinsics are used on which networks to send XCM transfers.
The XCM SDK offers helper functions, that provide a very simple interface to execute XCM transfers between chains in the Polkadot/Kusama ecosystem. In addition, the XCM config package allows any parachain project to add their information in a standard way, so they can be immediately supported by the XCM SDK.
You can find the documentation at https://moonbeam-foundation.github.io/xcm-sdk/latest/.
npm i @moonbeam-network/xcm-sdk
:warning: You need to have peer dependencies of SDK installed as well.
npm i @polkadot/api @polkadot/api-augment @polkadot/types @polkadot/util @polkadot/util-crypto @polkadot/apps-config ethers
The following sections contain basic examples of how to work with the XCM SDK to build transfer data to transfer an asset from one chain to another and how to submit the transfer. For a detailed overview on how to use each method, including a reference to the parameters and returned data of each method exposed by the SDK, please refer to the XCM SDK docs.
import { Sdk } from '@moonbeam-network/xcm-sdk';
const { assets, getTransferData } = Sdk();
// You can build the XCM transfer data via the assets function
const dataViaAssetsMethod = await assets()
.asset('INSERT_ASSET')
.source('INSERT_SOURCE_CHAIN')
.destination('INSERT_DESTINATION_CHAIN')
.accounts('INSERT_SOURCE_ADDRESS', 'INSERT_DESTINATION_ADDRESS', {
evmSigner?: 'INSERT_EVM_SIGNER',
polkadotSigner?: 'INSERT_POLKADOT_SIGNER',
});
// Or via the getTransferData function
const dataViaGetTransferDataMethod = await getTransferData({
destinationAddress: 'INSERT_DESTINATION_ADDRESS',
destinationKeyOrChain: 'INSERT_DESTINATION_CHAIN',
evmSigner?: 'INSERT_EVM_SIGNER',
keyOrAsset: 'INSERT_ASSET',
polkadotSigner?: 'INSERT_POLKADOT_SIGNER',
sourceAddress: 'INSERT_SOURCE_ADDRESS',
sourceKeyOrChain: 'INSERT_SOURCE_CHAIN',
});
...
const hash = await dataViaGetTransferDataMethod.transfer('INSERT_TRANSFER_AMOUNT');
git clone git@github.com:moonbeam-foundation/xcm-sdk.git
cd xcm-sdk
npm i
cd examples/sdk-simple
# edit index.ts by adding your accounts
npm start
git clone git@github.com:moonbeam-foundation/xcm-sdk.git
npm i
npm run dev
npm run test
cp .env.example .env
# add private key and suri to .env file
npm run test:acc
To create a dev version go to GitHub actions and run publish dev versions
workflow.
To create a release version run:
npm run changeset
Build the project:
npm run build
npm run link
In your project where you would like to test the changes:
npm link @moonbeam-network/xcm-types @moonbeam-network/xcm-utils @moonbeam-network/xcm-builder @moonbeam-network/xcm-config @moonbeam-network/xcm-sdk
If you need you can link other packages too.
After testing is done, unlink the SDK:
npm unlink @moonbeam-network/xcm-types @moonbeam-network/xcm-utils @moonbeam-network/xcm-builder @moonbeam-network/xcm-config @moonbeam-network/xcm-sdk
FAQs
The Moonbeam XCM SDK enables developers to easily deposit and withdraw assets to Moonbeam/Moonriver from the relay chain and other parachains in the Polkadot/Kusama ecosystem
The npm package @moonbeam-network/xcm-sdk receives a total of 213 weekly downloads. As such, @moonbeam-network/xcm-sdk popularity was classified as not popular.
We found that @moonbeam-network/xcm-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.