Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@paraswap/sdk
Advanced tools
Refer to the documentation of the ParaSwap API: https://developers.paraswap.network
Versatility: works with both web3 and ethers without direct dependency
Canonical: bring only the functions you actually need
Lightweight: 400B Gzipped for the minimal variant
yarn add @paraswap/sdk
There are multiple ways to use ParaSwap SDK, ranging from a simple construct-and-use approach to a fully composable bring what you need approach which allows for advanced tree-shaking and minimizes bundle size.
Can be created by providing chainId
and either axios
or window.fetch
(or alternative fetch
implementation). The resulting SDK will be able to use all methods that query the API.
import { constructSimpleSDK } from '@paraswap/sdk';
import axios from 'axios';
// construct minimal SDK with fetcher only
const paraSwapMin = constructSimpleSDK({chainId: 1, axios});
// or
const paraSwapMin = constructSimpleSDK({chainId: 1, fetch: window.fetch});
const ETH = '0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee';
const DAI = '0x6B175474E89094C44Da98b954EedeAC495271d0F';
async function swapExample() {
// or any other signer/provider
const signer: JsonRpcSigner = ethers.Wallet.fromMnmemonic('__your_mnemonic__');
const senderAddress = signer.address;
const priceRoute = await paraSwapMin.swap.getRate({
srcToken: ETH,
destToken: DAI,
amount: srcAmount,
userAddress: senderAddress,
side: SwapSide.SELL,
});
const txParams = await paraSwapMin.swap.buildTx(
{
srcToken,
destToken,
srcAmount,
destAmount,
priceRoute,
userAddress: senderAddress,
partner: referrer,
}
);
const transaction = {
...txParams,
gasPrice: '0x' + new BigNumber(txParams.gasPrice).toString(16),
gasLimit: '0x' + new BigNumber(5000000).toString(16),
value: '0x' + new BigNumber(txParams.value).toString(16),
};
const txr = await signer.sendTransaction(transaction);
}
async function approveTokenYourselfExample() {
const TransferProxy = await paraSwapMin.swap.getSpender();
const DAI_CONTRACT = new ethers.Contract(DAI, ERC20_ABI, ethersSignerOrProvider);
const tx = await DAI_CONTRACT.approve(TransferProxy, amountInWei);
const txReceipt = await tx.wait(1);
}
If optional providerOptions
is provided as the second parameter, then the resulting SDK will also be able to approve Tokens for swap.
//
// with ethers.js
const providerOptionsEther = {
ethersProviderOrSigner: provider, // JsonRpcProvider
EthersContract: ethers.Contract,
account: senderAddress,
};
// or with web3.js
const providerOptionsWeb3 = {
web3, // new Web3(...) instance
account: senderAddress,
};
const paraSwap = constructSimpleSDK({chainId: 1, axios}, providerOptionsEther);
async function approveTokenExample() {
const txHash = await paraSwap.approveToken(amountInWei, DAI);
// await tx somehow
await provider.waitForTransaction(txHash);
}
Import the necessary functions
import { constructSDK, constructAxiosFetcher, constructEthersContractCaller } from '@paraswap/sdk';
const signer = ethers.Wallet.fromMnmemonic('__your_mnemonic__'); // or any other signer/provider
const account = '__signer_address__';
const contractCaller = constructEthersContractCaller({
ethersProviderOrSigner: signer,
EthersContract: ethers.Contract,
}, account); // alternatively constructWeb3ContractCaller
const fetcher = constructAxiosFetcher(axios); // alternatively constructFetchFetcher
const paraswap = constructSDK({
chainId: 1,
fetcher,
contractCaller,
});
// if created with constructEthersContractCaller
const contractTx: ContractTransaction = await paraSwap.approveToken(amount, tokenAddress);
const txReceipt = await contractTx.wait();
// if created with constructWeb3ContractCaller
const unpromiEvent: Web3UnpromiEvent = await paraSwap.approveToken(amount, tokenAddress);
const txReceipt = await new Promise<Web3TransactionReceipt>((resolve, reject) => {
unpromiEvent.once('receipt', resolve);
unpromiEvent.once('error', reject);
})
const srcToken = '0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee'; // ETH
const destToken = '0xcAfE001067cDEF266AfB7Eb5A286dCFD277f3dE5'; // PSP
const srcAmount = '1000000000000000000'; //The source amount multiplied by its decimals: 10 ** 18 here
const srcDecimals = 18;
const destDecimals = 18;
const priceRoute = await paraSwap.getRate(
{
srcToken,
destToken,
amount,
srcDecimals,
destDecimals,
}
);
Where priceRoute contains the rate and the distribution among exchanges, checkout the OptimalRates type for more details.
const srcToken = '0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee';
const srcDecimals = 18;
const srcAmount = '1000000000000000000'; // The source amount multiplied by its decimals
const destToken = '0xcAfE001067cDEF266AfB7Eb5A286dCFD277f3dE5';
const destDecimals = 18;
const destAmount = priceRoute.destAmount; // price route being output of paraSwap.getRate()
const senderAddress = '__sender_address__'; // mandatory
const receiver = '__receiver_address__'; // optional: for swap and transfer
const partnerAddress = '__fee_receiver_address__'; // optional: for permission-less monetization
const partnerFeeBps = 50; // optional: fee in base point, for permission-less monetization
const txParams = await paraSwap.buildTx(
{
srcAmount,
srcToken,
srcDecimals,
destAmount,
destToken,
destDecimals,
priceRoute,
senderAddress,
receiver,
partnerAddress,
partnerFeeBps,
}
);
const transactionResponse = await signer.sendTransaction(txParams);
const transactionReceipt = await transactionResponse.wait();
Interact with the ParaSwap SDK in a CodeSandbox playground here
For bundle-size savvy developers, you can construct a lightweight version of the SDK and bring only the functions you need.
e.g. for only getting rates and allowances:
import { constructPartialSDK, constructFetchFetcher, constructGetRate, constructGetBalances } from '@paraswap/sdk';
const fetcher = constructFetchFetcher(window.fetch);
const minParaSwap = constructPartialSDK({
chainId: 1,
fetcher,
}, constructGetRate, constructGetBalances);
const priceRoute = await minParaSwap.getRate(params);
const allowance = await minParaSwap.getAllowance(userAddress, tokenAddress);
The ParaSwap
class is exposed for backwards compatibility with previous versions of the SDK.
import { ParaSwap } from '@paraswap/sdk';
import axios from 'axios';
import Web3 from 'web3';
const web3Provider = new Web3(window.ethereum);
const account = '__user_address__';
const paraswap = new ParaSwap({chainId: 1, web3Provider, account, axios});
Or you can use ethers
in place of web3
import { ParaSwap } from '@paraswap/sdk';
import { ethers } from "ethers";
const ethersProvider = new ethers.providers.Web3Provider(window.ethereum)
const account = '__user_address__';
const paraswap = new ParaSwap({
chainId: 1,
account,
ethersDeps: {
ethersProviderOrSigner: ethersProvider;
EthersContract: ethers.Contract;
},
fetch: window.fetch,
});
By analogy to constructPartialSDK
, you can leverage a lightweight version of the sdk for fetching only.
import { ParaSwap } from '@paraswap/sdk';
const paraswap = new ParaSwap({chainId: 1, fetch: window.fetch});
Refer to this README for depecreated documentation for functions usage.
Refer to SDK API documentation for detailed documentation on the methods provided in this SDK.
To run yarn test
it is necessary to provide PROVIDER_URL=<mainnet_rpc_url>
environment variable.
If it is necessary to run tests against a different API endpoint, provide API_URL=url_to_API
environment variable.
FAQs
ParaSwap SDK
The npm package @paraswap/sdk receives a total of 2,845 weekly downloads. As such, @paraswap/sdk popularity was classified as popular.
We found that @paraswap/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.