Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@uniswap/token-list-bridge-utils
Advanced tools
## Description This package contains utility functions used for converting an L1 token list into a cross-chain tokenlist by adding cross-chain mapping information for Arbitrum, Optimism, and Polygon to a given L1 list.
This package contains utility functions used for converting an L1 token list into a cross-chain tokenlist by adding cross-chain mapping information for Arbitrum, Optimism, and Polygon to a given L1 list.
Mappings get added in the form of an extensions field, following this schema. (Currently does not fill information for origin and destination bridge addresses)
ex:
"name": "Uniswap",
"address": "0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984",
"symbol": "UNI",
"decimals": 18,
"chainId": 1,
"logoURI": "ipfs://QmXttGpZrECX5qCyXbBQiqgQNytVGeZW5Anewvh2jc4psg",
"extensions": {
"bridgeInfo": {
"10": {
"tokenAddress": "0x6fd9d7AD17242c41f7131d257212c54A0e816691"
},
"137": {
"tokenAddress": "0xb33EaAd8d922B1083446DC23f610c2567fB5180f"
},
"42161": {
"tokenAddress": "0xFa7F8980b0f1E64A2062791cc3b0871572f1F7f0"
}
}
}}
Also adds a "root-level" token entry for each of the L2's that a token maps to.
ex. for Optimism:
{
"name": "Uniswap",
"address": "0x6fd9d7AD17242c41f7131d257212c54A0e816691",
"symbol": "UNI",
"decimals": 18,
"chainId": 10,
"logoURI": "ipfs://QmXttGpZrECX5qCyXbBQiqgQNytVGeZW5Anewvh2jc4psg",
"extensions": {
"bridgeInfo": {
"1": {
"tokenAddress": "0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984"
}
}
}
}
chainify
chainifyTokenList
extensions
filled.extensions
filled for the given networkmergeTokenLists
yarn add @uniswap/token-list-bridge-utils
or
npm i @uniswap/token-list-bridge-utils
By default, the library uses https://cloudflare-eth.com/
as the MAINNET_RPC env variable value required by arbitrum-sdk. You can override this value by creating a .env file in your root directory and setting a value for MAINNET_RPC.
Sample .env file contents:
MAINNET_RPC="https://mainnet.infura.io/v3/<infura key>"
Note: If this is not set correctly, the library will throw a NETWORK_ERROR error code.
const bridge_utils = require('@uniswap/token-list-bridge-utils');
let chainifiedList = await bridge_utils.chainify(tokenList);
import { chainify } from '@uniswap/token-list-bridge-utils';
let chainifiedList = await chainify(tokenList);
yarn install
yarn test
DTS scaffolds your new library inside /src
.
To run DTS, use:
npm start # or yarn start
This builds to /dist
and runs the project in watch mode so any edits you save inside src
causes a rebuild to /dist
.
To do a one-off build, use npm run build
or yarn build
.
FAQs
## Description This package contains utility functions used for converting an L1 token list into a cross-chain tokenlist by adding cross-chain mapping information for Arbitrum, Optimism, and Polygon to a given L1 list.
The npm package @uniswap/token-list-bridge-utils receives a total of 24 weekly downloads. As such, @uniswap/token-list-bridge-utils popularity was classified as not popular.
We found that @uniswap/token-list-bridge-utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.