Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@solana/rpc-spec
Advanced tools
A generic implementation of JSON RPCs using proxies
This package contains types that describe the implementation of the JSON RPC API, as well as methods to create one. It can be used standalone, but it is also exported as part of the Solana JavaScript SDK @solana/web3.js@rc
.
This API is designed to be used as follows:
const rpc =
// Step 1 - Create an `Rpc` instance. This may be stateful.
createSolanaRpc(mainnet('https://api.mainnet-beta.solana.com'));
const response = await rpc
// Step 2 - Call supported methods on it to produce `PendingRpcRequest` objects.
.getLatestBlockhash({ commitment: 'confirmed' })
// Step 3 - Call the `send()` method on those pending requests to trigger them.
.send({ abortSignal: AbortSignal.timeout(10_000) });
PendingRpcRequest<TResponse>
Pending requests are the result of calling a supported method on an Rpc
object. They encapsulate all of the information necessary to make the request without actually making it.
Calling the send(options)
method on a PendingRpcRequest
will trigger the request and return a promise for TResponse
.
Rpc<TRpcMethods, TRpcTransport>
An object that exposes all of the functions described by TRpcMethods
, and fulfils them using TRpcTransport
. Calling each method returns a PendingRpcRequest<TResponse>
where TResponse
is that method's response type.
RpcApi<TRpcMethods>
For each of TRpcMethods
this object exposes a method with the same name that maps between its input arguments and a RpcPlan<TResponse>
that describes how to prepare a JSON RPC request to fetch TResponse
.
RpcApiMethods
This is a marker interface that all RPC method definitions must extend to be accepted for use with the RpcApi
creator.
RpcPlan
This type allows an RpcApi
to describe how a particular request should be issued to the JSON RPC server. Given a function that was called on a Rpc
, this object returns an execute
function that dictates which request will be sent, how the underlying transport will be used and how the responses will be transformed.
This function accepts an RpcTransport
and an AbortSignal
and asynchronously returns an RpcResponse
. This gives us the opportunity to:
payload
from the requested method name and parameters before passing it to the transport.TResponse
specified by the PendingRpcRequest<TResponse>
returned from that function.RpcSendOptions
A configuration object consisting of the following properties:
abortSignal
: An optional signal that you can supply when triggering a PendingRpcRequest
that you might later need to abort.RpcTransport
Any function that implements this interface can act as a transport for an Rpc
. It need only return a promise for a response given the following config:
payload
: A value of arbitrary type to be sent.signal
: An optional AbortSignal
on which the 'abort'
event will be fired if the request should be cancelled.createRpc(config)
Creates an RPC instance given an RpcApi<TRpcMethods>
and a RpcTransport
capable of fulfilling them.
A config object with the following properties:
api
: An instance of RpcApi
transport
: A function that implements the RpcTransport
interfacecreateJsonRpcApi(config)
Creates a JavaScript proxy that converts any function call called on it to a RpcPlan
by creating an execute
function that:
methodName
and params
properties, optionally transformed by config.requestTransformer
.config.responseTransformer
function, if provided.// For example, given this `RpcApi`:
const rpcApi = createJsonRpcApi({
requestTransformer: (...rawParams) => rawParams.reverse(),
responseTransformer: response => response.result,
});
// ...the following function call:
rpcApi.foo('bar', { baz: 'bat' });
// ...will produce an `RpcPlan` that:
// - Uses the following payload: { id: 1, jsonrpc: '2.0', method: 'foo', params: ['bar', { baz: 'bat' }] }.
// - Returns the "result" attribute of the RPC response.
A config object with the following properties:
requestTransformer<T>(request: RpcRequest<T>): RpcRequest
: An optional function that transforms the RpcRequest
before it is sent to the JSON RPC server.responseTransformer<T>(response: RpcResponse, request: RpcRequest): RpcResponse<T>
: An optional function that transforms the RpcResponse
before it is returned to the caller.isJsonRpcPayload(payload)
A helper function that returns true
if the given payload is a JSON RPC v2 payload. This means, the payload is an object such that:
jsonrpc
property with a value of '2.0'
.method
property that is a string.params
property of any type.import { isJsonRpcPayload } from '@solana/rpc-spec';
if (isJsonRpcPayload(payload)) {
const payloadMethod: string = payload.method;
const payloadParams: unknown = payload.params;
}
FAQs
A generic implementation of JSON RPCs using proxies
The npm package @solana/rpc-spec receives a total of 12,032 weekly downloads. As such, @solana/rpc-spec popularity was classified as popular.
We found that @solana/rpc-spec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.