Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@solana/errors
Advanced tools
Throw, identify, and decode Solana JavaScript errors
This package brings together every error message across all Solana JavaScript modules.
When your bundler sets the constant __DEV__
to true
, every error message will be included in the bundle. As such, you will be able to read them in plain language wherever they appear.
[!WARNING] The size of your JavaScript bundle will increase significantly with the inclusion of every error message in development mode. Be sure to build your bundle with
__DEV__
set tofalse
when you go to production.
When your bundler sets the constant __DEV__
to false
, error messages will be stripped from the bundle to save space. Only the error code will appear when an error is encountered. Follow the instructions in the error message to convert the error code back to the human-readable error message.
For instance, to recover the error text for the error with code 123
:
npx @solana/errors decode -- 123
src/codes.ts
.SolanaErrorCode
union in src/codes.ts
.src/context.ts
.src/messages.ts
. Any context values that you defined above will be interpolated into the message wherever you write $key
, where key
is the index of a value in the context (eg. 'Missing a signature for account `$address`'
).@solana/errors
.@solana/errors
in the package from which the error is thrown.When an older client throws an error, we want to make sure that they can always decode the error. If you make any of the changes above, old clients will, by definition, not have received your changes. This could make the errors that they throw impossible to decode going forward.
When you catch a SolanaError
and assert its error code using isSolanaError()
, TypeScript will refine the error's context to the type associated with that error code. You can use that context to render useful error messages, or to make context-aware decisions that help your application to recover from the error.
import {
SOLANA_ERROR__TRANSACTION__MISSING_SIGNATURE,
SOLANA_ERROR__TRANSACTION__FEE_PAYER_SIGNATURE_MISSING,
isSolanaError,
} from '@solana/errors';
import { assertTransactionIsFullySigned, getSignatureFromTransaction } from '@solana/transactions';
try {
const transactionSignature = getSignatureFromTransaction(tx);
assertTransactionIsFullySigned(tx);
/* ... */
} catch (e) {
if (isSolanaError(e, SOLANA_ERROR__TRANSACTION__SIGNATURES_MISSING)) {
displayError(
"We can't send this transaction without signatures for these addresses:\n- %s",
// The type of the `context` object is now refined to contain `addresses`.
e.context.addresses.join('\n- '),
);
return;
} else if (isSolanaError(e, SOLANA_ERROR__TRANSACTION__FEE_PAYER_SIGNATURE_MISSING)) {
if (!tx.feePayer) {
displayError('Choose a fee payer for this transaction before sending it');
} else {
displayError('The fee payer still needs to sign for this transaction');
}
return;
}
throw e;
}
FAQs
Throw, identify, and decode Solana JavaScript errors
The npm package @solana/errors receives a total of 207,390 weekly downloads. As such, @solana/errors popularity was classified as popular.
We found that @solana/errors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.