Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@zilliqa-js/core
Advanced tools
Core abstractions required for interacting with the blockchain.
BaseProvider
Base class for concrete Providers
.
BaseProvider
Parameters
nodeURL
: string
- the URL of the lookup node to send requests to.reqMiddleware
: Map<Matcher, ReqMiddlewareFn[]>
- an ES6 Map
of
Matcher
, ReqMiddlewareFn[]
pairs.reqMiddleware
: Map<Matcher, ResMiddlewareFn[]>
- an ES6 Map
of
Matcher
, ResMiddlewareFn[]
pairs.Returns
BaseProvider
middleware: { request: { use(fn: ReqMiddlewareFn, match: Matcher = '*') }, response: use(fn: ResMiddlewareFn, match: Matcher = '*') }
An object that allows setting middleware on requests and responses. Middleware allows fine-grained control over the request-reponse cycle.
Request middleware is called with details of the RPC request. Response middleware, in addition to the response, is called with the originating request object.
Matcher
is either an RPC method, a regular expression, or the wildcard
matcher, the string '*'
.
Example
In the following example, all requests sent through the module will
transparently JSON encode CreateTransaction
requests in a format required by
the Zilliqa RPC server.
// myMiddleware.js
// myMiddleware listens for CreateTransaction RPC requests, transforming
// `amount`, `gasLimit` and `gasPrice` to `string`, so that the RPC server will
// be able to process the transaction.
export function myMiddleware(req) {
// This check is, in fact, not required if you make use of `Matcher`.
if (
req.payload.method === RPCMethod.CreateTransaction &&
isTxParams(req.payload.params[0])
) {
const txConfig = req.payload.params[0];
const ret = {
...req,
payload: {
...req.payload,
params: [
{
...txConfig,
amount: txConfig.amount.toString(),
gasLimit: txConfig.gasLimit.toString(),
gasPrice: txConfig.gasPrice.toString(),
},
],
},
};
return ret;
}
return req;
}
// myModule.js
import { myMiddleware } from './myMiddleware.js';
export class MyModule {
// other code
...
// use the middleware function. As `'CreateTransaction'` was passed as the
// `Matcher`, myMiddleware will only be called on `CreateTransaction`
// requests.
constructor(provider: Provider) {
this.provider = provider;
this.provider.middleware.request.use(
myMiddleware,
'CreateTransaction',
);
}
// other code
...
}
HTTPProvider
Concrete Provider
. Extends BaseProvider
.
send<P extends any[], R = any, E string>(method: RPCMethod, ...params: P): Promise<RPCResponse<R,E>>
Parameters
method
: RPCMethod
- a valid Zilliqa JSON-RPC method (string
).params
: any[]
- an array of arbitrary parameters to send.Returns
Promise<RPCResponse<R,E>>
- resolves with the reponse, or rejects with an error, if any.sign
Method decorator used to decorate methods whose first argument is
Signable
, i.e., have a bytes
property.
Example
@sign
async createTransaction(tx: Transaction): Promise<Transaction> {
// `Transaction` satifies `Signable`.
// As it is the first argument of `createTransaction`, `tx` is already
// signed by the time `createTransaction` begins to execute.
// code to send the transaction to the node or pass it on to another
// method/function
}
FAQs
Core abstractions that power the zilliqa JS client.
The npm package @zilliqa-js/core receives a total of 653 weekly downloads. As such, @zilliqa-js/core popularity was classified as not popular.
We found that @zilliqa-js/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.