Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@pontem/coins-registry
Advanced tools
We are developing our own Coin Registry file formats for LiquidSwap, which contains all the information about coins and pools in which coins can be exchanged.
Currently, we use two files for data:
And an index.js file for easier usage of coins-registry in other projects. Through the interface, it is easy to get tokens or pools lists for the selected chain type. It provides two methods: getCoinsFor
, getPoolsFor
and getStakingPoolsFor
. Each of these methods requires the network type as an argument. Possible values for network types: mainnet
and testnet
.
There is a coins list in coins.json. One coin can be presented as follows:
{
"source": "aptos",
"name": "Aptos Coin",
"chainId": 1,
"decimals": 8,
"symbol": "APT",
"type": "0x1::aptos_coin::AptosCoin",
"caution": false,
"order": 1
}
source
- enum data type with strict value check. If you’d like to add the new value into it, fill the form. Usually source is the name of a partner's company to add many coins into the list. We support now following sources:
aptos
- for the native Aptos Coin.partners
- for other coins.celer
- for coins provided by Celer.layerzero
- for coins provided by Layer Zero.wormhole
- for coins provided by Wormhole.name
- coins' full name. We update this value by a request to the node. It is used on Picture 1 as a bottom string after the dot (on the picture it is Bitcoin).
chainId
- for mainnet value is 1. Currently, testnet coins stored in the testnet
branch of this repo.
decimals
- how many decimals supports your coin. We update this value by a request to the node.
symbol
- it is used to construct a coin alias, which can be equal to symbol as on Picture 1 in the top string.
type
- full type of coin. String with following structure ADDRESS::MODULE::COIN, e.g. 0x1000000fa32d122c18a6a31c009ce5e71674f22d06a581bb0a15575e6addadcc::usda::USDA
.
caution
- if we need to show warning icon near the coin - we will add the caution field.
order
- order of coin in coins list. Current logic:
1 Apt
10 USDC
20 USDT
30 DAI
40 BTC
50 WETH
60 BUSD / BNB
1000 other coins
{
"coinX": "0xf22bede237a07e121b56d91a491eb7bcdfd1f5907926a9e58338f964a01b17fa::asset::USDT",
"coinY": "0x1::aptos_coin::AptosCoin",
"curve": "unstable",
"networkId": 1
}
coinX
- full type of coin. String with following structure ADDRESS::MODULE::COIN, e.g. 0xf22bede237a07e121b56d91a491eb7bcdfd1f5907926a9e58338f964a01b17fa::asset::USDT
.
coinY
- full type of coin. String with following structure ADDRESS::MODULE::COIN, e.g. 0x1::aptos_coin::AptosCoin
.
⚠️ Coins should be sorted.
curve
- to strictly point curve type use the following values:
You are welcome to fork the current repository and do a PR.
The current repository maintaining under MIT license.
Check formatting with
yarn test
Distributed under the MIT License. See LICENSE
for more information.
FAQs
Liquidswap & Pontem Wallet coins & pools registry
The npm package @pontem/coins-registry receives a total of 24 weekly downloads. As such, @pontem/coins-registry popularity was classified as not popular.
We found that @pontem/coins-registry demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.