Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@solana/errors
Advanced tools
Throw, identify, and decode Solana JavaScript errors
This package brings together every error message across all Solana JavaScript modules.
When your bundler sets the constant __DEV__
to true
, every error message will be included in the bundle. As such, you will be able to read them in plain language wherever they appear.
[!WARNING] The size of your JavaScript bundle will increase significantly with the inclusion of every error message in development mode. Be sure to build your bundle with
__DEV__
set tofalse
when you go to production.
When your bundler sets the constant __DEV__
to false
, error messages will be stripped from the bundle to save space. Only the error code will appear when an error is encountered. Follow the instructions in the error message to convert the error code back to the human-readable error message.
For instance, to recover the error text for the error with code 123
:
npx @solana/errors decode 123
src/codes.ts
.SolanaErrorCode
union in src/codes.ts
.src/details.ts
.src/messages.ts
. Any context values that you defined above will be interpolated into the message wherever you write $key
, where key
is the index of a value in the context (eg. 'Missing a signature for account `$address`'
).@solana/errors
.@solana/errors
in the package from which the error is thrown.When an older client throws an error, we want to make sure that they can always decode the error. If you make any of the changes above, old clients will, by definition, not have received your changes. This could make the errors that they throw impossible to decode going forward.
When you catch a SolanaError
and assert its error code using isSolanaError()
, TypeScript will refine the error's context to the type associated with that error code. You can use that context to render useful error messages, or to make context-aware decisions that help your application to recover from the error.
import {
SOLANA_ERROR__TRANSACTION_MISSING_SIGNATURE,
SOLANA_ERROR__TRANSACTION_SIGNATURE_NOT_COMPUTABLE,
isSolanaError,
} from '@solana/errors';
import { assertTransactionIsFullySigned, getSignatureFromTransaction } from '@solana/transactions';
try {
const transactionSignature = getSignatureFromTransaction(tx);
assertTransactionIsFullySigned(tx);
/* ... */
} catch (e) {
if (isSolanaError(e, SOLANA_ERROR__TRANSACTION_MISSING_SIGNATURES)) {
displayError(
"We can't send this transaction without signatures for these addresses:\n- %s",
// The type of the `context` object is now refined to contain `addresses`.
e.context.addresses.join('\n- '),
);
return;
} else if (isSolanaError(e, SOLANA_ERROR__TRANSACTION_SIGNATURE_NOT_COMPUTABLE)) {
if (!tx.feePayer) {
displayError('Choose a fee payer for this transaction before sending it');
} else {
displayError('The fee payer still needs to sign for this transaction');
}
return;
}
throw e;
}
FAQs
Throw, identify, and decode Solana JavaScript errors
The npm package @solana/errors receives a total of 176,044 weekly downloads. As such, @solana/errors popularity was classified as popular.
We found that @solana/errors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.