Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@solana/rpc-transport
Advanced tools
Network transports for accessing the Solana JSON RPC API
This package implements a JSON-RPC client with which you can interact with the Solana network. It can be used standalone, in combination with an RPC specification such as @solana/rpc-core
, but it is also exported as part of the Solana JavaScript SDK @solana/web3.js@experimental
.
A new transport created with createJsonRpc()
can be configured as follows:
api
(required)An object that conforms to IRpcApi<TMethods>
, where TMethods
is an interface that specifies the type of every RPC function.
interface ExampleApi {
getBlocks(startSlot: number, endSlot: number): ReadonlyArray<number>;
}
Crucially, this object does not need to provide implementations of those methods. This allows an infinite number of JSON-RPC methods to be added to the API without affecting the size of the client bundle.
Absent a concrete implementation, @solana/rpc-transport
will simply send the function name and its arguments to the RPC as the JSON-RPC method and params. For example, if no concrete implementation for getBlocks
is provided in api
, the following call:
rpc.getBlocks(1, 20).send();
…will result in an RPC call whose method
is getBlocks
and whose params
are [1, 20]
.
If you would like to modify the inputs to a given method call before they are sent, or would like to post-process the response from the JSON-RPC server, you may supply a concrete implementation for one or more methods of api
.
const api = {
getBlocks(startSlot: number, endSlot: number): ReadonlyArray<number> {
return {
// Optionally pre-process the method name,
methodName: 'getBlocksInRange',
// Pre-process the inputs any way you like.
params: [assertIsInteger(startSlot), assertIsInteger(endSlot)],
// Provide an optional function to modify the response.
responseTransformer: response => ({
confirmedBlocks: response,
queryRange: [startSlot, endSlot],
}),
};
},
};
transport
(required)A function that implements a wire transport.
type RpcTransportConfig = Readonly<{
payload: unknown;
signal?: AbortSignal;
}>;
export interface IRpcTransport {
<TResponse>(config: RpcTransportConfig): Promise<TResponse>;
}
An HTTP wire transport is supplied with this package, but you can supply any wire transport that conforms to IRpcTransport
.
FAQs
Network transports for accessing the Solana JSON RPC API
The npm package @solana/rpc-transport receives a total of 560 weekly downloads. As such, @solana/rpc-transport popularity was classified as not popular.
We found that @solana/rpc-transport demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.