Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@solana/instructions
Advanced tools
Helpers for creating transaction instructions
This package contains types for creating transaction instructions. It can be used standalone, but it is also exported as part of the Solana JavaScript SDK @solana/web3.js@experimental
.
AccountRole
The purpose for which an account participates in a transaction is described by the AccountRole
type. Every account that participates in a transaction can be read from, but only ones that you mark as writable may be written to, and only ones that you indicate must sign the transaction will gain the privileges associated with signers at runtime.
isSigner | isWritable | |
---|---|---|
AccountRole.READONLY | ❌ | ❌ |
AccountRole.WRITABLE | ❌ | ✅ |
AccountRole.READONLY_SIGNER | ✅ | ❌ |
AccountRole.WRITABLE_SIGNER | ✅ | ✅ |
IAccountMeta<TAddress>
This type represents an account's address and metadata about its mutability and whether it must be a signer of the transaction.
Typically, you will use one of its subtypes.
role | isSigner | isWritable | |
---|---|---|---|
ReadonlyAccount<TAddress> | AccountRole.READONLY | ❌ | ❌ |
WritableAccount<TAddress> | AccountRole.WRITABLE | ❌ | ✅ |
ReadonlySignerAccount<TAddress> | AccountRole.READONLY_SIGNER | ✅ | ❌ |
WritableSignerAccount<TAddress> | AccountRole.WRITABLE_SIGNER | ✅ | ✅ |
For example, you could type the rent sysvar account like this:
type RentSysvar = ReadonlyAccount<'SysvarRent111111111111111111111111111111111'>;
IAccountLookupMeta<TAddress, TLookupTableAddress>
This type represents a lookup of the account's address in an address lookup table. It specifies which lookup table account in which to perform the lookup, the index of the desired account address in that table, and metadata about its mutability. Notably, account addresses obtained via lookups may not act as signers.
Typically, you will use one of its subtypes.
role | isSigner | isWritable | |
---|---|---|---|
ReadonlyLookupAccount<TAddress, TLookupTableAddress> | AccountRole.READONLY | ❌ | ❌ |
WritableLookupAccount<TAddress, TLookupTableAddress> | AccountRole.WRITABLE | ❌ | ✅ |
For example, you could type the rent sysvar account that you looked up in a lookup table like this:
type RentSysvar = ReadonlyLookupAccount<
'SysvarRent111111111111111111111111111111111',
'MyLookupTable111111111111111111111111111111'
>;
IInstruction<TProgramAddress>
Use this to specify an instruction destined for a given program.
type StakeProgramInstruction = IInstruction<'StakeConfig11111111111111111111111111111111'>;
IInstructionWithAccounts<TAccounts>
Use this type to specify an instruction that contains certain accounts.
type InstructionWithTwoAccounts = IInstructionWithAccounts<
[
WritableAccount, // First account
RentSysvar, // Second account
]
>;
IInstructionWithData<TData>
Use this type to specify an instruction whose data conforms to a certain type. This is most useful when you have a branded Uint8Array
that represents a particular instruction.
For example, here is how the AdvanceNonce
instruction is typed.
type AdvanceNonceAccountInstruction<
TNonceAccountAddress extends string = string,
TNonceAuthorityAddress extends string = string,
> = IInstruction<'11111111111111111111111111111111'> &
IInstructionWithAccounts<
[
WritableAccount<TNonceAccountAddress>,
ReadonlyAccount<'SysvarRecentB1ockHashes11111111111111111111'>,
ReadonlySignerAccount<TNonceAuthorityAddress>,
]
> &
IInstructionWithData<AdvanceNonceAccountInstructionData>;
isSignerRole(role: AccountRole)
Returns true
if the AccountRole
given represents that of a signer. Also refines the TypeScript type of the supplied role.
isWritable(role: AccountRole)
Returns true
if the AccountRole
given represents that of a writable account. Also refines the TypeScript type of the supplied role.
mergeRoles(roleA: AccountRole, roleB: AccountRole)
Given two AccountRoles
, will return the AccountRole
that grants the highest privileges of both.
Example:
// Returns `AccountRole.WRITABLE_SIGNER`
mergeRoles(AccountRole.READONLY_SIGNER, AccountRole.WRITABLE);
downgradeRoleToNonSigner(role: AccountRole)
Returns an AccountRole
representing the non-signer variant of the supplied role.
downgradeRoleToReadonly(role: AccountRole)
Returns an AccountRole
representing the non-writable variant of the supplied role.
upgradeRoleToSigner(role: AccountRole)
Returns an AccountRole
representing the signer variant of the supplied role.
upgradeRoleToWritable(role: AccountRole)
Returns an AccountRole
representing the writable variant of the supplied role.
FAQs
Helpers for creating transaction instructions
We found that @solana/instructions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.