![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@polkadot/rpc-provider
Advanced tools
Changelog
10.4.1 Apr 22, 2023
Contributed:
noInitWarn
flag to signed extension warnings (Thanks to https://github.com/xlc)Changes:
AccountId20
detection with partial matchReadme
Generic transport providers to handle the transport of method calls to and from Polkadot clients from applications interacting with it. It provides an interface to making RPC calls and is generally, unless you are operating at a low-level and taking care of encoding and decoding of parameters/results, it won't be directly used, rather only passed to a higher-level interface.
There are three flavours of the providers provided, one allowing for using HTTP as a transport mechanism, the other using WebSockets, and the third one uses substrate light-client through @substrate/connect. It is generally recommended to use the [[WsProvider]] since in addition to standard calls, it allows for subscriptions where all changes to state can be pushed from the node to the client.
All providers are usable (as is the API), in both browser-based and Node.js environments. Polyfills for unsupported functionality are automatically applied based on feature-detection.
Installation -
yarn add @polkadot/rpc-provider
WebSocket Initialization -
import { WsProvider } from '@polkadot/rpc-provider';
// this is the actual default endpoint
const provider = new WsProvider('ws://127.0.0.1:9944');
const version = await provider.send('client_version', []);
console.log('client version', version);
HTTP Initialization -
import { HttpProvider } from '@polkadot/rpc-provider';
// this is the actual default endpoint
const provider = new HttpProvider('http://127.0.0.1:9933');
const version = await provider.send('chain_getBlockHash', []);
console.log('latest block Hash', hash);
@substrate/connect Initialization -
Instantiating a Provider for the Polkadot Relay Chain:
import { ScProvider } from '@polkadot/rpc-provider';
import * as Sc from '@substrate/connect';
const provider = new ScProvider(Sc, Sc.WellKnownChain.polkadot);
await provider.connect();
const version = await provider.send('chain_getBlockHash', []);
Instantiating a Provider for a Polkadot parachain:
import { ScProvider } from '@polkadot/rpc-provider';
import * as Sc from '@substrate/connect';
const polkadotProvider = new ScProvider(Sc, Sc.WellKnownChain.polkadot);
const parachainProvider = new ScProvider(Sc, parachainSpec, polkadotProvider);
await parachainProvider.connect();
const version = await parachainProvider.send('chain_getBlockHash', []);
FAQs
Unknown package
We found that @polkadot/rpc-provider demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.