Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@paraport/sdk
Advanced tools
@paraport/sdk
UI layer for seamless integration of ParaPort cross-chain teleportation functionality.
Installation
pnpm add @paraport/sdk polkadot-api
Install Peer Dependencies
ParaPort SDK requires polkadot-api in your application. Install it as a peer dependency:
# Required peer dependency
pnpm add polkadot-api
Build
- Prerequisites: build
@paraport/static,@paraport/core, and@paraport/vuefirst - From repo root:
pnpm --filter @paraport/static buildpnpm --filter @paraport/core buildpnpm --filter @paraport/vue buildpnpm --filter @paraport/sdk build
Topological order across packages:
@paraport/static→@paraport/core→@paraport/vue→@paraport/sdk→@paraport/react
See TESTING.md for end-to-end build and test flow.
Component Usage
Basic Integration
import '@paraport/sdk/style'
import * as paraport from '@paraport/sdk'
import { connectInjectedExtension } from 'polkadot-api/pjs-signer'
const main = async () => {
// Required signer (polkadot-api compatible)
const getSigner = async () => {
const ext = await connectInjectedExtension('talisman', 'Your App')
const account = ext.getAccounts()[0]
return account.polkadotSigner
}
paraport.init({
integratedTargetId: 'root',
address: USER_ADDRESS,
amount: '10000000000', // 1 DOT
chain: 'AssetHubPolkadot',
asset: 'DOT',
getSigner,
label: 'Mint',
logLevel: 'DEBUG',
onReady: (session) => {
console.log('🚀 ParaPort ready!', session)
},
onSubmit: ({ autoteleport, completed }) => {
console.log('📦 Submit button pressed')
console.log('💥 Autoteleport: ', autoteleport)
console.log('✅ Completed: ', completed)
},
onCompleted: () => {
console.log('✅ Auto-teleport successfully completed!')
},
onAddFunds: () => {
console.log('💰 Add funds button pressed')
},
})
}
main()
With custom endpoints (optional)
import '@paraport/sdk/style'
import * as paraport from '@paraport/sdk'
paraport.init({
integratedTargetId: 'root',
address: USER_ADDRESS,
amount: '10000000000',
chain: 'AssetHubPolkadot',
asset: 'DOT',
endpoints: {
AssetHubPolkadot: ['wss://statemint.api.onfinality.io/public-ws'],
Polkadot: ['wss://polkadot-rpc.publicnode.com']
},
})
Theming
You can customize the UI via CSS variables or per instance:
- Global: override tokens under
.paraportin your app stylesheet using cascade layers. - Per instance: pass
appearance(map of CSS variables) andthemeModetoinit.
paraport.init({
integratedTargetId: 'root',
// ...required params
appearance: { '--radius': '12px', '--accent-blue': '#4f46e5' },
themeMode: 'auto', // 'light' | 'dark' | 'auto'
})
Props Documentation
MountOptions
| Property | Type | Description |
|---|---|---|
| integratedTargetId | string | DOM element ID for component mounting |
| address | string | User's address |
| amount | string | Amount to be teleported |
| chain | string | Chain to be teleported to |
| chains | string[] | Optional list of allowed chains to scope routing/UX |
| asset | string | Asset to be teleported |
| endpoints | Record<string, string[]> | Optional RPC endpoints per chain to override defaults |
| getSigner | () => Promise | Required function returning a polkadot-api signer |
| label | string | Button display text |
| logLevel | string | Log level for debugging (e.g., 'DEBUG') |
| onSubmit | Function | Callback on form submission with { autoteleport, completed } parameters |
| onCompleted | Function | Callback on successful teleport |
| onReady | Function | Callback when UI is ready for interaction |
| onAddFunds | Function | Callback when user clicks to add funds |
License
MIT
FAQs
ParaPort Embedded UI
We found that @paraport/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 12 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025