Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@nimiq/core
Advanced tools
A very light Nimiq Proof-of-Stake client for browsers and NodeJS, compiled from Rust to WebAssembly.
Note This light client is intended to be used in web browsers or NodeJS only (no WASI support either). Other webworker-enabled environments are not yet supported.
You need to install this package from the next
tag:
npm install @nimiq/core@next
or
yarn add @nimiq/core@next
This package contains the WASM file bundled for three targets: bundler
, web
and node
.
If you use any bundler for your project, like Webpack or Vite, you should probably use the bundler
target exported from the package root. If that doesn't work, or you require the web
target for your use-case, jump to the With ES Modules section.
[!IMPORTANT] For Webpack 5:
- Enable the
asyncWebAssembly
experiment in your config.- Dynamically import the package with
await import()
.
[!IMPORTANT] For Vite:
- Use the
vite-plugin-wasm
plugin.- Exclude this package from Vite's dependency optimization:
// vite.config.ts optimizeDeps: { exclude: ['@nimiq/core'], }
[!IMPORTANT] For Nuxt:
- Use the
vite-plugin-wasm
plugin.- Exclude this package from Vite's dependency optimization:
// nuxt.config.ts vite: { optimizeDeps: { exclude: ['@nimiq/core'], } }
- Ensure the package is only run client-side: either set
ssr: false
in your Nuxt config, import this package only in client-side plugins, or wrap it in<ClientOnly>
.
// With Webpack: import the package asynchronously:
const Nimiq = await import('@nimiq/core');
// With Vite, import at the top of your file:
import * as Nimiq from '@nimiq/core';
// Create a configuration builder:
const config = new Nimiq.ClientConfiguration();
// Change the config, if necessary:
// --------------------------------
// Specify the network to use:
// Optional, default is 'testalbatross'
config.network('testalbatross');
// Specify the seed nodes to initially connect to:
// Optional, default is ['/dns4/seed1.pos.nimiq-testnet.com/tcp/8443/wss']
config.seedNodes(['/dns4/seed1.pos.nimiq-testnet.com/tcp/8443/wss']);
// Change the lowest log level that is output to the console:
// Optional, default is 'info'
config.logLevel('debug');
// Instantiate and launch the client:
const client = await Nimiq.Client.create(config.build());
// Import the loader and package from the /web path:
import init, * as Nimiq from '@nimiq/core/web';
// Load and initialize the WASM file
init().then(() => {
// Create a configuration builder:
const config = new Nimiq.ClientConfiguration();
// Change the config as shown above, if necessary
// ...
// Instantiate and launch the client:
const client = await Nimiq.Client.create(config.build());
});
For NodeJS, this package includes both CommonJS and ESM builds. You can either require()
the package or import
it.
// Import as CommonJS module
const Nimiq = require("@nimiq/core");
// Or import as ESM module
import * as Nimiq from "@nimiq/core";
// In ESM modules you can use await at the top-level and do not need an async wrapper function.
async function main() {
// Create a configuration builder:
const config = new Nimiq.ClientConfiguration();
// Change the config as shown above, if necessary
// ...
// Instantiate and launch the client:
const client = await Nimiq.Client.create(config.build());
}
main();
This is an early version of the client code compiled to WebAssembly and as such there can be problems and friction, especially now that more people try it out in more environments than we could ever test ourselves.
If you encounter issues or you find a bug, please open an issue in our Github at https://github.com/nimiq/core-rs-albatross.
If you want to provide feedback or have questions about the client, our "Nimiq Coders Dojo" Telegram group and the Community Forum are the right places for that.
FAQs
Nimiq's Rust-to-WASM web client
We found that @nimiq/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.