Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@solana/instructions
Advanced tools
Helpers for creating transaction instructions
This package contains types for creating transaction instructions. It can be used standalone, but it is also exported as part of the Solana JavaScript SDK @solana/web3.js@next
.
AccountRole
The purpose for which an account participates in a transaction is described by the AccountRole
type. Every account that participates in a transaction can be read from, but only ones that you mark as writable may be written to, and only ones that you indicate must sign the transaction will gain the privileges associated with signers at runtime.
isSigner | isWritable | |
---|---|---|
AccountRole.READONLY | ❌ | ❌ |
AccountRole.WRITABLE | ❌ | ✅ |
AccountRole.READONLY_SIGNER | ✅ | ❌ |
AccountRole.WRITABLE_SIGNER | ✅ | ✅ |
IAccountMeta<TAddress>
This type represents an account's address and metadata about its mutability and whether it must be a signer of the transaction.
Typically, you will use one of its subtypes.
role | isSigner | isWritable | |
---|---|---|---|
ReadonlyAccount<TAddress> | AccountRole.READONLY | ❌ | ❌ |
WritableAccount<TAddress> | AccountRole.WRITABLE | ❌ | ✅ |
ReadonlySignerAccount<TAddress> | AccountRole.READONLY_SIGNER | ✅ | ❌ |
WritableSignerAccount<TAddress> | AccountRole.WRITABLE_SIGNER | ✅ | ✅ |
For example, you could type the rent sysvar account like this:
type RentSysvar = ReadonlyAccount<'SysvarRent111111111111111111111111111111111'>;
IAccountLookupMeta<TAddress, TLookupTableAddress>
This type represents a lookup of the account's address in an address lookup table. It specifies which lookup table account in which to perform the lookup, the index of the desired account address in that table, and metadata about its mutability. Notably, account addresses obtained via lookups may not act as signers.
Typically, you will use one of its subtypes.
role | isSigner | isWritable | |
---|---|---|---|
ReadonlyLookupAccount<TAddress, TLookupTableAddress> | AccountRole.READONLY | ❌ | ❌ |
WritableLookupAccount<TAddress, TLookupTableAddress> | AccountRole.WRITABLE | ❌ | ✅ |
For example, you could type the rent sysvar account that you looked up in a lookup table like this:
type RentSysvar = ReadonlyLookupAccount<
'SysvarRent111111111111111111111111111111111',
'MyLookupTable111111111111111111111111111111'
>;
IInstruction<TProgramAddress>
Use this to specify an instruction destined for a given program.
type StakeProgramInstruction = IInstruction<'StakeConfig11111111111111111111111111111111'>;
IInstructionWithAccounts<TAccounts>
Use this type to specify an instruction that contains certain accounts.
type InstructionWithTwoAccounts = IInstructionWithAccounts<
[
WritableAccount, // First account
RentSysvar, // Second account
]
>;
IInstructionWithData<TData>
Use this type to specify an instruction whose data conforms to a certain type. This is most useful when you have a branded Uint8Array
that represents a particular instruction.
For example, here is how the AdvanceNonce
instruction is typed.
type AdvanceNonceAccountInstruction<
TNonceAccountAddress extends string = string,
TNonceAuthorityAddress extends string = string,
> = IInstruction<'11111111111111111111111111111111'> &
IInstructionWithAccounts<
[
WritableAccount<TNonceAccountAddress>,
ReadonlyAccount<'SysvarRecentB1ockHashes11111111111111111111'>,
ReadonlySignerAccount<TNonceAuthorityAddress>,
]
> &
IInstructionWithData<AdvanceNonceAccountInstructionData>;
isSignerRole(role: AccountRole)
Returns true
if the AccountRole
given represents that of a signer. Also refines the TypeScript type of the supplied role.
isWritable(role: AccountRole)
Returns true
if the AccountRole
given represents that of a writable account. Also refines the TypeScript type of the supplied role.
mergeRoles(roleA: AccountRole, roleB: AccountRole)
Given two AccountRoles
, will return the AccountRole
that grants the highest privileges of both.
Example:
// Returns `AccountRole.WRITABLE_SIGNER`
mergeRoles(AccountRole.READONLY_SIGNER, AccountRole.WRITABLE);
downgradeRoleToNonSigner(role: AccountRole)
Returns an AccountRole
representing the non-signer variant of the supplied role.
downgradeRoleToReadonly(role: AccountRole)
Returns an AccountRole
representing the non-writable variant of the supplied role.
upgradeRoleToSigner(role: AccountRole)
Returns an AccountRole
representing the signer variant of the supplied role.
upgradeRoleToWritable(role: AccountRole)
Returns an AccountRole
representing the writable variant of the supplied role.
FAQs
Helpers for creating transaction instructions
The npm package @solana/instructions receives a total of 6,046 weekly downloads. As such, @solana/instructions popularity was classified as popular.
We found that @solana/instructions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.