Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@mysten/sui.js
Advanced tools
This is the Sui TypeScript SDK built on the Sui JSON RPC API. It provides utility classes and functions for applications to sign transactions and interact with the Sui network.
WARNING: Note that we are still iterating on the RPC and SDK API before TestNet, therefore please expect frequent breaking changes in the short-term. We expect the API to stabilize after the upcoming TestNet launch.
The SDK will be published to npm registry with the same bi-weekly release cycle as the DevNet validators and RPC Server. To use the SDK in your project, you can do:
$ npm install @mysten/sui.js
You can also use your preferred npm client, such as yarn or pnpm.
Note that the latest
tag for the published SDK might go out of sync with the RPC server on the main
branch until the next release. If you're developing against a local network, we recommend using the experimental
-tagged packages, which contain the latest changes from main
.
npm install @mysten/sui.js@experimental
Refer to the JSON RPC topic for instructions about how to start a local network and local RPC server.
To get started you need to install pnpm, then run the following command:
# Install all dependencies
$ pnpm install
# Run the build for the TypeScript SDK and all of its dependencies.
$ pnpm --filter @mysten/sui.js... build
You can view the generated Type Doc for the current release of the SDK at http://typescript-sdk-docs.s3-website-us-east-1.amazonaws.com/.
For the latest docs for the main
branch, run pnpm doc
and open the doc/index.html in your browser.
The JsonRpcProvider
class provides a connection to the JSON-RPC Server and should be used for all read-only operations. The default URLs to connect with the RPC server are:
Examples:
Fetch objects owned by the address 0xbff6ccc8707aa517b4f1b95750a2a8c666012df3
import { JsonRpcProvider } from '@mysten/sui.js';
const provider = new JsonRpcProvider('https://gateway.devnet.sui.io:443');
const objects = await provider.getOwnedObjectRefs(
'0xbff6ccc8707aa517b4f1b95750a2a8c666012df3'
);
Fetch transaction details from a transaction digest:
import { JsonRpcProvider } from '@mysten/sui.js';
const provider = new JsonRpcProvider('https://gateway.devnet.sui.io:443');
const txn = await provider.getTransaction(
'6mn5W1CczLwitHCO9OIUbqirNrQ0cuKdyxaNe16SAME='
);
For any operations that involves signing or submitting transactions, you should use the Signer
API. For example:
To transfer a 0x2::coin::Coin<SUI>
:
import { Ed25519Keypair, JsonRpcProvider, RawSigner } from '@mysten/sui.js';
// Generate a new Keypair
const keypair = new Ed25519Keypair();
const signer = new RawSigner(
keypair,
new JsonRpcProvider('https://gateway.devnet.sui.io:443')
);
const transferTxn = await signer.transferObject({
objectId: '0x5015b016ab570df14c87649eda918e09e5cc61e0',
gasBudget: 1000,
recipient: '0xd84058cb73bdeabe123b56632713dcd65e1a6c92',
});
console.log('transferTxn', transferTxn);
To split a 0x2::coin::Coin<SUI>
into multiple coins
import { Ed25519Keypair, JsonRpcProvider, RawSigner } from '@mysten/sui.js';
// Generate a new Keypair
const keypair = new Ed25519Keypair();
const signer = new RawSigner(
keypair,
new JsonRpcProvider('https://gateway.devnet.sui.io:443')
);
const splitTxn = await signer..splitCoin({
coinObjectId: '0x5015b016ab570df14c87649eda918e09e5cc61e0',
// Say if the original coin has a balance of 100,
// This function will create three new coins of amount 10, 20, 30,
// respectively, the original coin will retain the remaining balance(40).
splitAmounts: [10, 20, 30],
gasBudget: 1000,
});
console.log('SplitCoin txn', splitTxn);
To merge two coins:
import { Ed25519Keypair, JsonRpcProvider, RawSigner } from '@mysten/sui.js';
// Generate a new Keypair
const keypair = new Ed25519Keypair();
const signer = new RawSigner(
keypair,
new JsonRpcProvider('https://gateway.devnet.sui.io:443')
);
const mergeTxn = await signer.mergeCoin({
primaryCoin: '0x5015b016ab570df14c87649eda918e09e5cc61e0',
coinToMerge: '0xcc460051569bfb888dedaf5182e76f473ee351af',
gasBudget: 1000,
});
console.log('MergeCoin txn', mergeTxn);
To make a move call:
import { Ed25519Keypair, JsonRpcProvider, RawSigner } from '@mysten/sui.js';
// Generate a new Keypair
const keypair = new Ed25519Keypair();
const signer = new RawSigner(
keypair,
new JsonRpcProvider('https://gateway.devnet.sui.io:443')
);
const moveCallTxn = await signer.executeMoveCall({
packageObjectId: '0x2',
module: 'devnet_nft',
function: 'mint',
typeArguments: [],
arguments: [
'Example NFT',
'An NFT created by the wallet Command Line Tool',
'ipfs://bafkreibngqhl3gaa7daob4i2vccziay2jjlp435cf66vhono7nrvww53ty',
],
gasBudget: 10000,
});
console.log('moveCallTxn', moveCallTxn);
To publish a package:
import { Ed25519Keypair, JsonRpcProvider, RawSigner } from '@mysten/sui.js';
import * as fs from 'fs/promises';
// Generate a new Keypair
const keypair = new Ed25519Keypair();
const signer = new RawSigner(
keypair,
new JsonRpcProvider('https://gateway.devnet.sui.io:443')
);
const bytecode = await fs.readFile('path/to/project/build/project_name/bytecode_modules/module_name.mv', 'base64');
const publishTxn = await signer.publish(
{
compiledModules: [bytecode.toString()],
gasBudget: 1000
}
);
console.log('publishTxn', publishTxn);
FAQs
Sui TypeScript API(Work in Progress)
The npm package @mysten/sui.js receives a total of 51,309 weekly downloads. As such, @mysten/sui.js popularity was classified as popular.
We found that @mysten/sui.js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.