Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Dash library for JavaScript/TypeScript ecosystem (Wallet, DAPI, Primitives, BLS, ...)
Dash library for JavaScript/TypeScript ecosystem (Wallet, DAPI, Primitives, BLS, ...)
Dash library provides access via DAPI to use both the Dash Core network and Dash Platform on supported networks. The Dash Core network can be used to broadcast and receive payments. Dash Platform can be used to manage identities, register data contracts for applications, and submit or retrieve application data via documents.
In order to use this library, you will need to add it to your project as a dependency.
Having NodeJS installed, just type : npm install dash
in your terminal.
npm install dash
For browser usage, you can also directly rely on unpkg :
<script src="https://unpkg.com/dash"></script>
const Dash = require("dash"); // or import Dash from "dash"
const client = new Dash.Client({
wallet: {
mnemonic: "arena light cheap control apple buffalo indicate rare motor valid accident isolate",
},
apps: {
tutorialContract: {
// Learn more on how to register Data Contract
// https://dashplatform.readme.io/docs/tutorial-register-a-data-contract#registering-the-data-contract
contractId: "<tutorial-contract-id>"
}
}
});
// Accessing an account allow you to transact with the Dash Network
client.wallet.getAccount().then(async (account) => {
console.log('Funding address', account.getUnusedAddress().address);
const balance = account.getConfirmedBalance();
console.log('Confirmed Balance', balance);
if (balance > 0) {
// Obtain identity - the base of all platform interactions
// Read more on how to create an identity here: https://dashplatform.readme.io/docs/tutorial-register-an-identity
const identityIds = account.identities.getIdentityIds();
const identity = await client.platform.identities.get(identityIds[0]);
// Prepare a new document containing a simple hello world sent to a hypothetical tutorial contract
const document = await client.platform.documents.create(
'tutorialContract.note',
identity,
{ message: 'Hello World' },
);
// Broadcast the document into a new state transition
await client.platform.documents.broadcast({ create: [document] }, identity);
// Retrieve documents
const documents = await client.platform.documents.get('tutorialContract.note', {
limit: 2,
});
console.log(documents);
}
});
Dash SDK bundled into a standalone package, so that the end user never have to worry about mananaging polyfills or related dependencies
const Dash = require('dash')
const {
Essentials: {
Buffer // Node.JS Buffer polyfill.
},
Core: { // @dashevo/dashcore-lib essentials
Transaction,
PrivateKey,
BlockHeader,
// ...
},
PlatformProtocol: { // @dashevo/wasm-dpp essentials
Identity,
Identifier,
},
WalletLib: { // @dashevo/wallet-lib essentials
EVENTS
},
DAPIClient, // @dashevo/dapi-client
} = Dash;
The Dash SDK works using multiple dependencies that might interest you:
Some features might be more extensive in those libs, as Dash SDK only wraps around them to provide a single interface that is easy to use (and thus has less features).
More extensive documentation available at https://dashpay.github.io/platform/SDK/.
Feel free to dive in! Open an issue or submit PRs.
MIT © Dash Core Group, Inc.
FAQs
Dash library for JavaScript/TypeScript ecosystem (Wallet, DAPI, Primitives, BLS, ...)
The npm package dash receives a total of 306 weekly downloads. As such, dash popularity was classified as not popular.
We found that dash demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.