Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
@oceanprotocol/lib
Advanced tools
JavaScript library to privately & securely publish, exchange, and consume data.
With ocean.js, you can:
ocean.js is part of the Ocean Protocol toolset.
This is in alpha state. If you run into problems, please open up a new issue.
npm install @oceanprotocol/lib
The project is authored with TypeScript and compiled with tsc
.
To start compiler in watch mode:
npm install
npm start
For linting and auto-formatting you can use from the root of the project:
# lint all js with eslint
npm run lint
# auto format all js & css with prettier, taking all configs into account
npm run format
Test suite for unit & integration tests is setup with Mocha as test runner, and nyc for coverage reporting. A combined coverage report is sent to CodeClimate via the coverage
GitHub Actions job.
Running all tests requires running Ocean Protocol components beforehand with Barge, which also runs a ganache-cli
instance:
git clone https://github.com/oceanprotocol/barge
cd barge
./start_ocean.sh --with-provider2 --no-dashboard --with-c2d
You can then proceed to run in another terminal.
Let ocean.js know where to pickup the smart contract addresses, which has been written out by Barge in this location:
export ADDRESS_FILE="${HOME}/.ocean/ocean-contracts/artifacts/address.json"
Build metadata:
npm run build:metadata
Executing linting, type checking, unit, and integration tests with coverage reporting all in one go:
npm test
You can execute the unit tests individually with:
npm run test:unit
# same thing, but with coverage reporting
npm run test:unit:cover
You can execute the integration tests individually with:
npm run test:integration
# same thing, but with coverage reporting
npm run test:integration:cover
Note: On macOS, changes to the
provider
,metadataCache
andsubgraph
URLs are required, as their defaultbarge
IPs can not be accessed due to network constraints on macOS. Instead usehttp://127.0.0.1
for each direct call to the mentioned services, but keep the internalprovider
URL (http://172.15.0.4:8030
) hardcoded inside all DDO'sserviceEndpoint
, and when callingnft.setMetadata()
.
To create a production build, run from the root of the project:
npm run build
Releases are managed semi-automatically. They are always manually triggered from a developer's machine with release scripts.
From a clean main
branch you can run the release task bumping the version accordingly based on semantic versioning:
npm run release
The task does the following:
package.json
, package-lock.json
For the GitHub releases steps a GitHub personal access token, exported as GITHUB_TOKEN
is required. Setup
For pre-releases, this is required for the first one like v0.18.0-next.0
:
./node_modules/.bin/release-it major|minor|patch --preRelease=next
Further releases afterwards can be done with npm run release
again and selecting the appropriate next version, in this case v0.18.0-next.1
and so on.
Copyright ((C)) 2023 Ocean Protocol Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
10 May 2023
FAQs
JavaScript client library for Ocean Protocol
The npm package @oceanprotocol/lib receives a total of 254 weekly downloads. As such, @oceanprotocol/lib popularity was classified as not popular.
We found that @oceanprotocol/lib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.