Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@neon-exchange/api-client-typescript-legacy
Advanced tools
Official TypeScript client for interacting with the Nash exchange
Official TypeScript client for interacting with the Nash Exchange.
To test your integrations, Nash provides a public sandbox environment at https://app.sandbox.nash.io.
NOTE: In sandbox, testnet funds are automatically sent to new accounts. The sandbox environment is reset every couple of days.
yarn add @neon-exchange/api-client-typescript
To get started you need to create an API key. You can find instructions on how to do so further down in this Readme. Remember, API Keys contain sensitive infomation, if you are using version control be careful not to store the key in the repository.
import {
Client,
EnvironmentConfiguration
} from '@neon-exchange/api-client-typescript'
const nash = new Client(EnvironmentConfiguration.sandbox)
const run = async () => {
const markets = await nash.listMarkets()
console.log(markets)
}
run()
Note: You can use either EnvironmentConfiguration.production
or EnvironmentConfiguration.sandbox
.
Most Nash API requests require the client to be authenticated. This is needed to sign the payloads being sent over the wire.
import {
Client,
EnvironmentConfiguration,
CryptoCurrency
} from '@neon-exchange/api-client-typescript'
const nash = new Client(EnvironmentConfiguration.sandbox)
const run = async () => {
try {
await nash.login(require('PATH_TO_KEY.json'))
const balance = await nash.getAccountBalance(CryptoCurrency.NEO)
console.log(balance)
} catch (e) {
console.error(e)
}
}
run()
Using the client in node can be done like below. See also the nodejs example.
const Nash = require('@neon-exchange/api-client-typescript')
const client = new Nash.Client(Nash.EnvironmentConfiguration.production)
const apiKeys = {
secret: 'your secret',
apiKey: 'your key'
}
const run = async () => {
try {
await client.login(apiKeys)
} catch (e) {
console.log(e)
}
}
run()
You can use websockets subscriptions like this:
import { Client, EnvironmentConfiguration } from '@neon-exchange/api-client-typescript'
const nash = new Client(EnvironmentConfiguration.sandbox)
await nash.login(...)
// Getting the orderbook for the neo_eth marked
nash.subscriptions.onUpdatedOrderbook(
{ marketName: 'neo_eth' },
{
onResult: ({
data: {
updatedOrderBook: { bids, asks }
}
}) => {
console.log(`updated bids ${bids.length}`)
console.log(`updated asks ${asks.length}`)
}
}
)
// Getting the user orderobok for all markets
nash.subscriptions.onUpdatedAccountOrders(
{},
{
onResult: ({
data: {
updatedAccountOrders
}
}) => {
console.log(`Updated orders: {updatedAccountOrders.length}`)
}
}
)
To configure the client to use an affiliate code, you just have to supply it as a client option.
import { Client } from '@neon-exchange/api-client-typescript'
const client = new Client(
...,
{
affiliateCode: 'YOUR_CODE',
affiliateLabel: 'arbitragebot' // Optional label
}
)
You may supply an optional affiliate label, which will be shown on the affiliate page. Label may only contain alpha numeric characters.
Setting up an API key is very easy. Start by navigating to your profile page, from the profile page, click on the API Keys tab, and click on the 'Generate new key' to open a create API Key wizard. After going through the wizard. Remember to save your API key, and store it somewhere accessible to your project.
This video shows how to set up a new API Key.
Using API keys allows users to apply policies to operations performed by the SDK. One such operation is to transfer funds to external accounts. This is done by using the transferToExternal method on the Client. Before being allowed to send funds, addresses have to be explicitly whitelisted. Otherwise the all calls to the method will result in a permission violation.
Whitelisted addresses can be set up both before and after creating the API key. This video shows how to whitelist two addresses for an API key.
In order to assure your blockchain balances remain in sync with your trading balances, the client must 'sign' their state every so often before placing more orders. By default, the client will take care of this in the background for you and you will not need to worry about this.
In special cases where a user has more than one client process running at once which is placing a high volume of orders, it is advisable to take a more custom approach. To turn of auto state syncing, initialize the client like so:
const nash = new Client(EnvironmentConfiguration.sandbox, {autoSignState: false})
You will then be responsible for signing states when necessary. The current restriction is that states must be signed every 100 open orders, so the client should keep track and make sure to sign state before this limit is reached, otherwise placing an order will raise an error.
This is done using the following call:
const states = await client.getSignAndSyncStates()
If you are running a high volume of orders from different clients on the same account and having difficulty managing this process, please reach out to support and we will be glad to help with an optimal solution.
0.1.4 (2020-03-16)
<a name="0.1.4"></a>
FAQs
Official TypeScript client for interacting with the Nash exchange
The npm package @neon-exchange/api-client-typescript-legacy receives a total of 10 weekly downloads. As such, @neon-exchange/api-client-typescript-legacy popularity was classified as not popular.
We found that @neon-exchange/api-client-typescript-legacy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.