Ethereum blockchain orchestration, testing, CLI, and Dapp scaffolding.
Easiest: use Docker (it handles the environment and RPC node for you):
docker run -ti --rm --name clevis -p 3000:3000 -p 8545:8545 \
-v ~/your-dapp-directory:/dapp austingriffith/clevis:latest
OR install/link from the source:
git clone https://github.com/austintgriffith/clevis.git
cd clevis
npm install
sudo npm link
OR try an npm install:
sudo npm install --unsafe-perm -g clevis@latest
If you aren't using Docker, make sure you install ganache-cli and mocha:
npm install -g ganache-cli
npm install -g mocha
Read full article and watch screencast here!
docker exec -ti clevis bash
docker run -ti --rm --name clevis --env network="http://10.0.0.107:8545" \
-p 3000:3000 -p 8545:8545 -v ~/your-dapp-directory:/dapp austingriffith/clevis
docker run -ti --rm --name clevis --env network="rinkeby" \
-p 3000:3000 -p 8545:8545 -v ~/your-dapp-directory:/dapp austingriffith/clevis
docker run -ti --rm --name clevis --env network="ropsten" \
-p 3000:3000 -p 8545:8545 -v ~/your-dapp-directory:/dapp austingriffith/clevis
docker run -ti --rm --name clevis --env network="mainnet." \
-p 3000:3000 -p 8545:8545 -v ~/your-dapp-directory:/dapp austingriffith/clevis
git clone https://github.com/austintgriffith/clevis.git
cd clevis
docker build . -t clevis
docker run -ti --rm --name clevis -p 3000:3000 -p 8545:8545 -v ~/your-dapp-directory:/dapp clevis
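The `-p 3000:3000 -p 8545:8545` form used in the docker commands above publishes both ports on every host interface. The following added example (not part of the clevis README) rewrites a `docker run` argument list so each publish binds to 127.0.0.1 only; the helper name `pin_publish_to_loopback` is hypothetical, and it assumes the dapp and RPC node are only reached from the same machine.

```shell
# Added example (not from the clevis README). pin_publish_to_loopback is a
# hypothetical helper name. It handles the separate-argument forms
# "-p SPEC" and "--publish SPEC" used in the commands above.
pin_publish_to_loopback() {
    out=""
    prev=""
    for arg in "$@"; do
        case "$prev" in
            -p|--publish)
                case "$arg" in
                    *:*:*) ;;                        # IP:HOST:CONTAINER, keep as given
                    *:*)   arg="127.0.0.1:$arg" ;;   # HOST:CONTAINER, was all interfaces
                    *)     arg="127.0.0.1::$arg" ;;  # CONTAINER only, random host port
                esac
                ;;
        esac
        out="${out:+$out }$arg"
        prev="$arg"
    done
    printf '%s\n' "$out"
}

# Constructed input: the first docker run command from this README.
pin_publish_to_loopback docker run -ti --rm --name clevis \
    -p 3000:3000 -p 8545:8545 \
    -v "$HOME/your-dapp-directory:/dapp" austingriffith/clevis:latest
```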
If you want to use Infura to deploy, you need to make the following changes:
In your clevis.json config file, change:
USE_INFURA: true
Create a .env file and add your private key under mnemonic:
mnemonic=32h42hj34mysuperprivakeyasdasd2h34hjk234
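Because the deployment key sits in a plain `.env` file inside the dapp directory, it is worth checking that file before the first commit. The following is an added example, not part of the clevis README: the function name `audit_clevis_env` is hypothetical, and the `.gitignore` check is a simple exact-line match rather than full gitignore pattern evaluation.

```shell
# Added example (not from the clevis README): audit the .env file that holds
# the clevis mnemonic. Prints one "FINDING:" line per problem and returns
# non-zero if there is at least one. audit_clevis_env is a hypothetical name.
audit_clevis_env() {
    dir=${1:-.}
    env_file="$dir/.env"
    findings=0

    if [ ! -f "$env_file" ]; then
        echo "no .env in $dir"
        return 0
    fi
    # Only a file that actually carries a mnemonic= entry is of interest.
    if ! grep -q '^mnemonic=' "$env_file"; then
        echo "no mnemonic entry in $env_file"
        return 0
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    group_other=$(ls -ld "$env_file" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FINDING: $env_file is accessible to group/other; chmod 600 it"
        findings=$((findings + 1))
    fi

    # Assumption: an exact ".env" or "/.env" line in the project's .gitignore.
    if ! grep -qxE '/?\.env' "$dir/.gitignore" 2>/dev/null; then
        echo "FINDING: .env is not listed in $dir/.gitignore"
        findings=$((findings + 1))
    fi

    # Only meaningful inside a git work tree; silently skipped elsewhere.
    if git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
        echo "FINDING: .env is already tracked by git; untrack it and rotate the key"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as `audit_clevis_env ~/your-dapp-directory`; the same directory is mounted into the container at /dapp, so the file is readable there as well.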
Right now the web3 dependencies are not very well supported and installs can fail on certain machines.
I would recommend using Docker and the container model because it handles the environment and geth node for you.
WARNING: if you get this error:
gyp ERR! stack Error: EACCES: permission denied, mkdir '/usr/local/lib/node_modules/clevis/node_modules/scrypt/build'
run:
rm -rf .node-gyp
sudo npm install --unsafe-perm -g clevis@latest
Sometimes you might get a "Cannot find module 'web3'" error:
clevis test version
(node:32368) UnhandledPromiseRejectionWarning: Error: Cannot find module 'web3'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15)
at Function.Module._load (internal/modules/cjs/loader.js:507:25)
at Module.require (internal/modules/cjs/loader.js:637:17)
at require (internal/modules/cjs/helpers.js:20:18)
...
(node:32368) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:32368) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
The fix for this is to go to wherever you have clevis cloned and run npm link again (and maybe npm i):
cd ~/clevis
npm link
If you have other errors or problems, let's get this list populated. Shoot me an email and let's debug: austin@concurrence.io
clevis help
lists available commands and usage
clevis init
installs/updates latest version, creates the react app, and initializes configuration
clevis version
lists current version
clevis update
loads latest prices and standard gas and updates config
clevis accounts
lists accounts from Geth or other RPC endpoint
clevis new ""
creates a new address
clevis unlock 0 ""
unlocks account
clevis send 0.1 0 1
send ether from one local account to another by index
clevis sendTo 0.1 0 0x6FC8152A3C0E0aC8e61faf233915e1334b58fC77
send ether from local account to any address
clevis balance 0x6FC8152A3C0E0aC8e61faf233915e1334b58fC77
get balance of any Ethereum address or local index
clevis sign "Hello World" 0 ""
sign a string with a local account
clevis recover "Hello World" "0x87dc7..."
recover address used to sign a string
clevis sha3 "Hello World"
generates the keccak256 hash of a string
clevis sendData 0.001 0 0x6FC8152A3C0E0aC8e61faf233915e1334b58fC77 "0x01"
send ether and/or data to an account
clevis create SomeContract
create a contract
clevis compile SomeContract
compile a contract
clevis deploy SomeContract 0
deploy a contract
clevis explain SomeContract
list all contract commands/events etc
clevis contract someFunction SomeContract 1 someArgument
interact with a contract; these scripts are generated automatically using the ABI (list the .clevis folder inside any contract folder to see all scripts)
you can also read from contracts:
clevis contract balanceOf Copper 0x2a906694d15df38f59e76ed3a5735f8aabcce9cb
clevis contract eventMyEvent SomeContract
shows all the logs emitted under the event name
Please note that there is no space between "event" and your event name.
clevis test compile
run mocha test from tests folder
clevis wei 100000000000 ether
convert from wei to ether or others like gwei or szabo
clevis wei 0.001 ether
convert to wei from ether or others like gwei or szabo
clevis hex "Hello World"
convert a string to hex
clevis ascii "0x48656c6c6f20576f726c64"
convert hex to a string
clevis blockNumber
get current block number
clevis block 2618069
get block information
clevis transaction 0x474acab2ba2702a90c4b774d7cee7fe1364ca1df01735ecef188522f8ce40bc4
get transaction information
clevis build
builds static react site
clevis upload metatx.io
uploads static react site to s3 bucket named after url
clevis invalidate E3837d00567
invalidate cloudfront caching to show fresh content
FAQs
The npm package clevis receives a total of 15 weekly downloads. As such, clevis popularity was classified as not popular.
We found that clevis demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.