Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@solana/rpc-transformers
Advanced tools
Reusable transformers for patching RPC inputs and outputs
getDefaultRequestTransformerForSolanaRpc(config)
Returns the default request transformer for the Solana RPC API. Under the hood, this function composes multiple RpcRequestTransformers
together such as the getDefaultCommitmentTransformer
, the getIntegerOverflowRequestTransformer
and the getBigIntDowncastRequestTransformer
.
import { getDefaultRequestTransformerForSolanaRpc } from '@solana/rpc-transformers';
const requestTransformer = getDefaultRequestTransformerForSolanaRpc({
defaultCommitment: 'confirmed',
onIntegerOverflow: (request, keyPath, value) => {
throw new Error(`Integer overflow at ${keyPath.join('.')}: ${value}`);
},
});
getDefaultCommitmentTransformer(config)
Creates a transformer that adds the provided default commitment to the configuration object of the request when applicable.
import { getDefaultCommitmentTransformer, OPTIONS_OBJECT_POSITION_BY_METHOD } from '@solana/rpc-transformers';
const requestTransformer = getDefaultCommitmentTransformer({
defaultCommitment: 'confirmed',
optionsObjectPositionByMethod: OPTIONS_OBJECT_POSITION_BY_METHOD,
});
getIntegerOverflowRequestTransformer(handler)
Creates a transformer that traverses the request parameters and executes the provided handler when an integer overflow is detected.
import { getIntegerOverflowRequestTransformer } from '@solana/rpc-transformers';
const requestTransformer = getIntegerOverflowRequestTransformer((request, keyPath, value) => {
throw new Error(`Integer overflow at ${keyPath.join('.')}: ${value}`);
});
getBigIntDowncastRequestTransformer()
Creates a transformer that downcasts all BigInt
values to Number
.
import { getBigIntDowncastRequestTransformer } from '@solana/rpc-transformers';
const requestTransformer = getBigIntDowncastRequestTransformer();
getTreeWalkerRequestTransformer(visitors, initialState)
Creates a transformer that traverses the request parameters and executes the provided visitors at each node. A custom initial state can be provided but must at least provide { keyPath: [] }
.
import { getTreeWalkerRequestTransformer } from '@solana/rpc-transformers';
const requestTransformer = getTreeWalkerRequestTransformer(
[
// Replaces foo.bar with "baz".
(node, state) => (state.keyPath === ['foo', 'bar'] ? 'baz' : node),
// Increments all numbers by 1.
node => (typeof node === number ? node + 1 : node),
],
{ keyPath: [] },
);
getDefaultResponseTransformerForSolanaRpc(config)
Returns the default response transformer for the Solana RPC API. Under the hood, this function composes multiple RpcResponseTransformers
together such as the getThrowSolanaErrorResponseTransformer
, the getResultResponseTransformer
and the getBigIntUpcastResponseTransformer
.
import { getDefaultResponseTransformerForSolanaRpc } from '@solana/rpc-transformers';
const responseTransformer = getDefaultResponseTransformerForSolanaRpc({
allowedNumericKeyPaths: getAllowedNumericKeypaths(),
});
getThrowSolanaErrorResponseTransformer()
Returns a transformer that throws a SolanaError
with the appropriate RPC error code if the body of the RPC response contains an error.
import { getThrowSolanaErrorResponseTransformer } from '@solana/rpc-transformers';
const responseTransformer = getThrowSolanaErrorResponseTransformer();
getResultResponseTransformer()
Returns a transformer that extracts the result
field from the body of the RPC response. For instance, we go from { jsonrpc: '2.0', result: 'foo', id: 1 }
to 'foo'
.
import { getResultResponseTransformer } from '@solana/rpc-transformers';
const responseTransformer = getResultResponseTransformer();
getBigIntUpcastResponseTransformer(allowedNumericKeyPaths)
Returns a transformer that upcasts all Number
values to BigInts
unless they match within the provided KeyPaths
. In other words, the provided KeyPaths
will remain as Number
values, any other numeric value will be upcasted to a BigInt
. Note that you can use KEYPATH_WILDCARD
to match any key within a KeyPath
.
import { getBigIntUpcastResponseTransformer } from '@solana/rpc-transformers';
const responseTransformer = getBigIntUpcastResponseTransformer([
['index'],
['instructions', KEYPATH_WILDCARD, 'accounts', KEYPATH_WILDCARD],
['instructions', KEYPATH_WILDCARD, 'programIdIndex'],
['instructions', KEYPATH_WILDCARD, 'stackHeight'],
]);
getTreeWalkerResponseTransformer(visitors, initialState)
Creates a transformer that traverses the json response and executes the provided visitors at each node. A custom initial state can be provided but must at least provide { keyPath: [] }
.
import { getTreeWalkerResponseTransformer } from '@solana/rpc-transformers';
const responseTransformer = getTreeWalkerResponseTransformer(
[
// Replaces foo.bar with "baz".
(node, state) => (state.keyPath === ['foo', 'bar'] ? 'baz' : node),
// Increments all numbers by 1.
node => (typeof node === number ? node + 1 : node),
],
{ keyPath: [] },
);
FAQs
Reusable transformers for patching RPC inputs and outputs
The npm package @solana/rpc-transformers receives a total of 10,714 weekly downloads. As such, @solana/rpc-transformers popularity was classified as popular.
We found that @solana/rpc-transformers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.