Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@solana/rpc-subscriptions-spec
Advanced tools
A generic implementation of JSON RPC Subscriptions using proxies
This package contains types that describe the implementation of the JSON RPC Subscriptions API, as well as methods to create one. It can be used standalone, but it is also exported as part of the Solana JavaScript SDK @solana/web3.js@next
.
This API is designed to be used as follows:
const rpcSubscriptions =
// Step 1 - Create an `RpcSubscriptions` instance. This may be stateful.
createSolanaRpcSubscriptions(mainnet('wss://api.mainnet-beta.solana.com'));
const response = await rpcSubscriptions
// Step 2 - Call supported methods on it to produce `PendingRpcSubscriptionsRequest` objects.
.slotNotifications({ commitment: 'confirmed' })
// Step 3 - Call the `subscribe()` method on those pending requests to trigger them.
.subscribe({ abortSignal: AbortSignal.timeout(10_000) });
// Step 4 - Iterate over the result.
try {
for await (const slotNotification of slotNotifications) {
console.log('Got a slot notification', slotNotification);
}
} catch (e) {
console.error('The subscription closed unexpectedly', e);
} finally {
console.log('We have stopped listening for notifications');
}
RpcSubscriptionsChannel<TOutboundMessage, TInboundMessage>
A channel is a DataPublisher
that you can subscribe to events of type RpcSubscriptionChannelEvents<TInboundMessage>
. Additionally, you can use it to send messages of type TOutboundMessage
back to the remote end by calling the send(message)
method.
RpcSubscriptionsChannelCreator<TOutboundMessage, TInboundMessage>
A channel creator is a function that accepts an AbortSignal
, returns a new RpcSubscriptionsChannel
, and tears down the channel when the abort signal fires.
RpcSubscriptionChannelEvents<TInboundMessage>
Subscription channels publish events on two channel names:
error
: Fires when the channel closes unexpectedlymessage
: Fires on every message received from the remote endexecuteRpcPubSubSubscriptionPlan({ channel, responseTransformer, signal, subscribeRequest, unsubscribeMethodName })
Given a channel, this function executes the particular subscription plan required by the Solana JSON RPC Subscriptions API.
subscribeRequest
on the remote RPCDataPublisher
that publishes notifications related to that subscriptions id, filtering out all othersunsubscribeMethodName
on the remote RPC when the abort signal is fired.transformChannelInboundMessages(channel, transform)
Given a channel with inbound messages of type T
and a function of type T => U
, returns a new channel with inbound messages of type U
. Note that this only affects messages of type "message"
and thus, does not affect incoming error messages.
For instance, it can be used to parse incoming JSON messages:
const transformedChannel = transformChannelInboundMessages(channel, JSON.parse);
transformChannelOutboundMessages(channel, transform)
Given a channel with outbound messages of type T
and a function of type U => T
, returns a new channel with outbound messages of type U
.
For instance, it can be used to stringify JSON messages before sending them over the wire:
const transformedChannel = transformChannelOutboundMessages(channel, JSON.stringify);
FAQs
A generic implementation of JSON RPC Subscriptions using proxies
The npm package @solana/rpc-subscriptions-spec receives a total of 16,295 weekly downloads. As such, @solana/rpc-subscriptions-spec popularity was classified as popular.
We found that @solana/rpc-subscriptions-spec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.