Security News
High-Severity RCE Vulnerability Disclosed in next-mdx-remote
HashiCorp disclosed a high-severity RCE in next-mdx-remote affecting versions 4.3.0 to 5.x when compiling untrusted MDX on the server.
By Sarah Gooding - Feb 12, 2026
Latest Threat Research:Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise.Details →
@pythnetwork/pyth-lazer-sdk
Advanced tools
pyth-lazer-sdk - Readme
Contributing & Development
See contributing.md for information on how to develop or contribute to this project!
How to use
import { PythLazerClient } from "@pythnetwork/pyth-lazer-sdk";
const c = await PythLazerClient.create({
token: "YOUR-AUTH-TOKEN-HERE",
logger: console, // Optionally log operations (to the console in this case.)
webSocketPoolConfig: {
numConnections: 4, // Optionally specify number of parallel redundant connections to reduce the chance of dropped messages. The connections will round-robin across the provided URLs. Default is 4.
onError: (error) => {
console.error("⛔️ WebSocket error:", error.message);
},
// Optional configuration for resilient WebSocket connections
rwsConfig: {
heartbeatTimeoutDurationMs: 5000, // Optional heartbeat timeout duration in milliseconds
maxRetryDelayMs: 1000, // Optional maximum retry delay in milliseconds
logAfterRetryCount: 10, // Optional log after how many retries
},
},
});
c.addMessageListener((message) => {
console.info("received the following from the Lazer stream:", message);
});
// Monitor for all connections in the pool being down simultaneously (e.g. if the internet goes down)
// The connections may still try to reconnect in the background. To shut down the client completely, call shutdown().
c.addAllConnectionsDownListener(() => {
console.error("All connections are down!");
});
// Create and remove one or more subscriptions on the fly
c.subscribe({
type: "subscribe",
subscriptionId: 1,
priceFeedIds: [1, 2],
properties: ["price"],
formats: ["solana"],
deliveryFormat: "binary",
channel: "fixed_rate@200ms",
parsed: false,
jsonBinaryEncoding: "base64",
});
c.subscribe({
type: "subscribe",
subscriptionId: 2,
priceFeedIds: [1, 2, 3, 4, 5],
properties: ["price", "exponent", "publisherCount", "confidence"],
formats: ["evm"],
deliveryFormat: "json",
channel: "fixed_rate@200ms",
parsed: true,
jsonBinaryEncoding: "hex",
});
FAQs
Pyth Lazer SDK
The npm package @pythnetwork/pyth-lazer-sdk receives a total of 4,251 weekly downloads. As such, @pythnetwork/pyth-lazer-sdk popularity was classified as popular.
We found that @pythnetwork/pyth-lazer-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 20 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
OpenClaw Skill Marketplace Emerges as Active Malware Vector
Security researchers report widespread abuse of OpenClaw skills to deliver info-stealing malware, exposing a new supply chain risk as agent ecosystems scale.
By Sarah Gooding - Feb 09, 2026
Security News
The Next Open Source Security Race: Triage at Machine Speed
Claude Opus 4.6 has uncovered more than 500 open source vulnerabilities, raising new considerations for disclosure, triage, and patching at scale.
By Sarah Gooding - Feb 06, 2026